CVE-2015-7504Out-of-bounds Write in Qemu

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow13 documents8 sources
Severity
8.8HIGHNVD
OSV5.0
EPSS
0.8%
top 26.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
QemuDebian QemuDebian Linux+3 more
Timeline
PublishedOct 16
Latest updateMay 13

Description

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages7 packages

debiandebian/qemu< qemu 1:2.5+dfsg-1 (bookworm)
Debianqemu/qemu< 1:2.5+dfsg-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.21
NVDqemu/qemu2.4.1+1

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: www.openwall.comPatch: xenbits.xen.orgPatch: lists.gnu.org

🔴Vulnerability Details

3
GHSA
GHSA-55jf-8f2x-33wf: Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet2022-05-13
OSV
CVE-2015-7504: Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet2017-10-16
OSV
qemu, qemu-kvm vulnerabilities2015-12-03

📋Vendor Advisories

4
Microsoft
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a2017-10-10
Ubuntu
QEMU vulnerabilities2015-12-03
Red Hat
Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive2015-11-30
Debian
CVE-2015-7504: qemu - Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QE...2015

💬Community

5
Bugzilla
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive [fedora-all]2015-11-30
Bugzilla
CVE-2015-7504 xen: Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive [fedora-all]2015-11-30
Bugzilla
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive [epel-7]2015-11-30
Bugzilla
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive [epel-5]2015-11-30
Bugzilla
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive2015-09-09