CVE-2017-6355Integer Overflow or Wraparound in Virglrenderer

CWE-190Integer Overflow or Wraparound6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 66.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Virglrenderer Project VirglrendererFreedesktop Virglrenderer
Timeline
PublishedMar 10
Latest updateMay 17

Description

Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Patches

Patch: www.openwall.comPatch: cgit.freedesktop.orgPatch: lists.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-jw74-hhvm-7qcr: Integer overflow in the vrend_create_shader function in vrend_renderer2022-05-17
OSV
CVE-2017-6355: Integer overflow in the vrend_create_shader function in vrend_renderer2017-03-10
CVEList
CVE-2017-6355: Integer overflow in the vrend_create_shader function in vrend_renderer2017-03-10

📋Vendor Advisories

1
Debian
CVE-2017-6355: virglrenderer - Integer overflow in the vrend_create_shader function in vrend_renderer.c in virg...2017

💬Community

1
Bugzilla
CVE-2017-6355 Virglrenderer: renderer: integer overflow while creating shader object2017-02-27
CVE-2017-6355 — Integer Overflow or Wraparound | cvebase