CVE-2015-7512Classic Buffer Overflow in Qemu

CWE-120Classic Buffer OverflowCWE-122Heap-based Buffer Overflow10 documents8 sources
Severity
9.0CRITICALNVD
EPSS
21.1%
top 4.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
QemuDebian LinuxOracle Linux+6 more
Timeline
PublishedJan 8
Latest updateMay 13

Description

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages8 packages

Debianqemu/qemu< 1:2.5+dfsg-1+3
NVDqemu/qemu2.4.1+1

Also affects: Debian Linux 7.0, 8.0, Enterprise Linux 6.7

🔴Vulnerability Details

3
GHSA
GHSA-4583-4mx5-3jcc: Buffer overflow in the pcnet_receive function in hw/net/pcnet2022-05-13
OSV
CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet2016-01-08
CVEList
CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet2016-01-08

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2015-12-03
Red Hat
Qemu: net: pcnet: buffer overflow in non-loopback mode2015-11-30
Debian
CVE-2015-7512: qemu - Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a ...2015

💬Community

3
Bugzilla
CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode [fedora-all]2015-11-30
Bugzilla
CVE-2015-7512 xen: Qemu: net: pcnet: buffer overflow in non-loopback mode [fedora-all]2015-11-30
Bugzilla
CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode2015-11-24
CVE-2015-7512 — Classic Buffer Overflow in Qemu | cvebase