CVE-2012-0029 - OpenCVE

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:M/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Kvm Group	Qemu-kvm

Configuration 1 [-]

cpe:2.3:a:kvm_group:qemu-kvm:0.12:*:*:*:*:*:*:*

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html
http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html
http://rhn.redhat.com/errata/RHSA-2012-0370.html
http://secunia.com/advisories/47740	Vendor Advisory
http://secunia.com/advisories/47741	Vendor Advisory
http://secunia.com/advisories/47992
http://secunia.com/advisories/48318
http://secunia.com/advisories/50913
http://www.redhat.com/support/errata/RHSA-2012-0050.html
http://www.securityfocus.com/bid/51642
http://www.ubuntu.com/usn/USN-1339-1
https://bugzilla.redhat.com/show_bug.cgi?id=772075
https://exchange.xforce.ibmcloud.com/vulnerabilities/72656

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-01-27T15:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2011-12-07T00:00:00

Link: CVE-2012-0029

JSON object: View

NVD Information

Status : Modified

Published: 2012-01-27T15:55:04.750

Modified: 2023-02-13T00:22:33.990

Link: CVE-2012-0029

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "qemu-processtxdesc-bo(72656)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72656"}, {"name": "47741", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47741"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0"}, {"name": "47992", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47992"}, {"name": "48318", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48318"}, {"name": "47740", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47740"}, {"name": "RHSA-2012:0050", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2012-0050.html"}, {"name": "openSUSE-SU-2012:0207", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html"}, {"name": "USN-1339-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1339-1"}, {"name": "51642", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51642"}, {"name": "50913", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50913"}, {"name": "SUSE-SU-2012:1320", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html"}, {"name": "RHSA-2012:0370", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0370.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772075"}, {"name": "FEDORA-2012-8604", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0029", "datePublished": "2012-01-27T15:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kvm_group:qemu-kvm:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A7E67322-2B2B-450B-B16F-67673557F8E1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento de buffer basado en memoria din\u00e1mica (heap)en la funci\u00f3n process_tx_desc en la emulaci\u00f3n de un e1000 (hw/e1000.c) en qemu-kvm v0.12, y posiblemente otras versiones, permite causar una denegaci\u00f3n de servicio (por ca\u00edda de QEMU) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a los usuarios del sistema operativo emulado a trav\u00e9s de paquetes de modo 'legacy' especificamente modificados."}], "id": "CVE-2012-0029", "lastModified": "2023-02-13T00:22:33.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-01-27T15:55:04.750", "references": [{"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0370.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47740"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47741"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47992"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48318"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50913"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2012-0050.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51642"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1339-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772075"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72656"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}