CVE-2015-8619 — Out-of-bounds Write in Qemu

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow10 documents7 sources

Severity

7.5HIGHNVD

OSV6.0

EPSS

3.3%

top 12.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux

Timeline

PublishedApr 13

Latest updateMay 13

Description

The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:2.5+dfsg-5 (bookworm)

▶Debianqemu/qemu< 1:2.5+dfsg-5+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.22

▶NVDqemu/qemu2.5.1.1

Also affects: Debian Linux 8.0

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-r4pc-c829-5g35: The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash)↗2022-05-13

▶

OSV

CVE-2015-8619: The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash)↗2017-04-13

▶

OSV

qemu, qemu-kvm vulnerabilities↗2016-02-03

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2016-02-03

▶

Red Hat

Qemu: hmp: stack based OOB write in hmp_sendkey routine↗2015-12-17

▶

Debian

CVE-2015-8619: qemu - The Human Monitor Interface support in QEMU allows remote attackers to cause a d...↗2015

▶

💬Community

Bugzilla

CVE-2015-8619 qemu: Stack-based buffer overflow in hmp_sendkey() [epel-all]↗2015-12-18

▶

Bugzilla

CVE-2015-8619 qemu: Stack-based buffer overflow in hmp_sendkey() [fedora-all]↗2015-12-18

▶

Bugzilla

CVE-2015-8619 Qemu: hmp: stack based OOB write in hmp_sendkey routine↗2015-11-20

▶