CVE-2015-3209
published 2015-06-15CVE-2015-3209: Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista | eos | — | — |
| arista | eos | — | — |
| arista | eos | — | — |
| arista | eos | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | qemu | < qemu 1:2.3+dfsg-6 (bookworm) | qemu 1:2.3+dfsg-6 (bookworm) |
| debian | xen | < qemu 1:2.3+dfsg-6 (bookworm) | qemu 1:2.3+dfsg-6 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| juniper | junos_space | <= 15.1 | — |
| qemu | qemu | <= 2.3.1 | — |
| qemu | qemu | >= 0 < 1:2.3+dfsg-6 | 1:2.3+dfsg-6 |
| qemu | qemu | >= 0 < 1:2.3+dfsg-6 | 1:2.3+dfsg-6 |
| qemu | qemu | >= 0 < 1:2.3+dfsg-6 | 1:2.3+dfsg-6 |
| qemu | qemu | >= 0 < 1:2.3+dfsg-6 | 1:2.3+dfsg-6 |
| qemu | qemu | >= 0 < 2.0.0+dfsg-2ubuntu1.13 | 2.0.0+dfsg-2ubuntu1.13 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH