CVE-2015-5278
Published 2020-01-23
Priority P433 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS 2.34% · 81.5th percentile
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista | eos | — | — |
| arista | eos | — | — |
| arista | eos | — | — |
| arista | eos | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | qemu | < qemu 1:2.4+dfsg-3 (bookworm) | qemu 1:2.4+dfsg-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| qemu | qemu | < 2.4.0.1 | 2.4.0.1 |
| qemu | qemu | — | — |
| qemu | qemu | >= 0 < 1:2.4+dfsg-3 | 1:2.4+dfsg-3 |
| qemu | qemu | >= 0 < 1:2.4+dfsg-3 | 1:2.4+dfsg-3 |
| qemu | qemu | >= 0 < 1:2.4+dfsg-3 | 1:2.4+dfsg-3 |
| qemu | qemu | >= 0 < 1:2.4+dfsg-3 | 1:2.4+dfsg-3 |
| qemu | qemu | >= 0 < 2.0.0+dfsg-2ubuntu1.19 | 2.0.0+dfsg-2ubuntu1.19 |
CVSS provenance
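| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |
| vendor_ubuntu | | 6.5 | MEDIUM | |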
GHSA
GHSA-7423-57pf-4w2q: The ne2000_receive function in hw/net/ne2000
ghsa_unreviewed·2022-05-24
CVE-2015-5278 [MEDIUM] CWE-835 GHSA-7423-57pf-4w2q: The ne2000_receive function in hw/net/ne2000
OSV
CVE-2015-5278: The ne2000_receive function in hw/net/ne2000
osv·2020-01-23·CVSS 6.5
OSV
qemu, qemu-kvm vulnerabilities
osv·2015-09-24·CVSS 6.5
CVE-2015-5239 [MEDIUM] qemu, qemu-kvm vulnerabilities
Lian Yihan discovered that QEMU incorrectly handled certain payload
messages in the VNC display driver. A malicious guest could use this issue
to cause the QEMU process to hang, resulting in a denial of service. This
issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-5239)
Qinghao Tang discovered that QEMU incorrectly handled receiving certain
packets in the NE2000 network driver. A malicious guest could use this
issue to cause the QEMU process to hang, resulting in a denial of service.
(CVE-2015-5278)
Qinghao Tang discovered that QEMU incorrectly handled receiving certain
packets in the NE2000 network driver. A malicious guest could use this
issue to cause a denial of service, or possibly execute arbitrary code on
the host as the user ru
Ubuntu
QEMU vulnerabilities
vendor_ubuntu·2015-09-24·CVSS 6.5
CVE-2015-5239 [MEDIUM] QEMU vulnerabilities
Title: QEMU vulnerabilities
Summary: Several security issues were fixed in QEMU.
Red Hat
qemu: Infinite loop in ne2000_receive() function
vendor_redhat·2015-09-15·CVSS 6.5
CVE-2015-5278 [MEDIUM] CWE-835 qemu: Infinite loop in ne2000_receive() function
A flaw was found where a QEMU emulator built with NE2000 NIC emulation support was vulnerable to an infinite loop issue that occurred when receiving packets over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance, resulting in a denial of service.
Statement: This issue affects the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5.
This issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7.
This issue a
Debian
CVE-2015-5278: qemu - The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows att...
vendor_debian·2015·CVSS 6.5
Scope: local
bookworm: resolved (fixed in 1:2.4+dfsg-3)
bullseye: resolved (fixed in 1:2.4+dfsg-3)
forky: resolved (fixed in 1:2.4+dfsg-3)
sid: resolved (fixed in 1:2.4+dfsg-3)
trixie: resolved (fixed in 1:2.4+dfsg-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-5278 qemu: Infinite loop in ne2000_receive() function [fedora-all]
bugzilla·2015-09-15·CVSS 6.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fe
Bugzilla
CVE-2015-5278 xen: qemu: Infinite loop in ne2000_receive() function [fedora-all]
bugzilla·2015-09-15·CVSS 6.5
Bugzilla
CVE-2015-5278 qemu: Infinite loop in ne2000_receive() function
bugzilla·2015-08-25·CVSS 6.5
Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an infinite loop issue. It could occur when receiving packets over the network.
A privileged user inside a guest could use this flaw to crash the Qemu instance, resulting in DoS.
Upstream fix:
-> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
Reference:
-> http://www.openwall.com/lists/oss-security/2015/09/15/2
Discussion:
Created attachment 1066776
Crash report
---
Statement:
This issue affects the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5.
This issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7.
This issue affects the Red Hat Enterprise Linu
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://www.openwall.com/lists/oss-security/2015/09/15/2
http://www.ubuntu.com/usn/USN-2745-1
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14