CVE-2014-0145 - OpenCVE

Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:2.0.0:rc0::::::
	cpe:2.3:a:qemu:qemu:2.0.0:rc1::::::
	cpe:2.3:a:qemu:qemu:2.0.0:rc2::::::
	cpe:2.3:a:qemu:qemu:2.0.0:rc3::::::

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b
http://rhn.redhat.com/errata/RHSA-2014-0420.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0421.html	Third Party Advisory
http://www.debian.org/security/2014/dsa-3044
http://www.openwall.com/lists/oss-security/2014/03/26/8	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1078885	Issue Tracking Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-08-10T15:00:00

Updated: 2017-11-03T18:57:01

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0145

JSON object: View

NVD Information

Status : Modified

Published: 2017-08-10T15:29:00.270

Modified: 2023-02-13T00:32:51.143

Link: CVE-2014-0145

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2014:0420", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6"}, {"name": "RHSA-2014:0421", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"}, {"name": "DSA-3044", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3044"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078885"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b"}, {"name": "[oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0145", "datePublished": "2017-08-10T15:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2017-11-03T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "535B1295-C195-4EFD-8509-C6DE3FAF3F3E", "versionEndIncluding": "1.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "D583599F-AE5E-40E4-8489-62FD1D0A7845", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE70D9B7-F422-455F-8413-CF34342B22AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E3946C39-A3D1-4E2B-9C7D-0654D9A644EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7F858FD1-58A3-46ED-A3C6-64ECEDF8E458", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c)."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en QEMU en versiones anteriores a la 1.7.2 y en versiones 2.x anteriores a la 2.0.0 permiten que usuarios locales provoquen una denegaci\u00f3n de servicio o que puedan ejecutar c\u00f3digo arbitrario mediante una gran (1) tabla L1 en qcow2_snapshot_load_tmp en el controlador de bloque QCOW 2 (block/qcow2-snapshot.c) o (2) fragmento sin comprimir, (3) tama\u00f1o de fragmento, o (4) n\u00famero de sectores en el controlador de bloque DMG (block/dmg.c)."}], "id": "CVE-2014-0145", "lastModified": "2023-02-13T00:32:51.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-10T15:29:00.270", "references": [{"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b"}, {"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6"}, {"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3044"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078885"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}