CVE-2015-5279 - OpenCVE

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
http://rhn.redhat.com/errata/RHSA-2015-1896.html
http://rhn.redhat.com/errata/RHSA-2015-1923.html
http://rhn.redhat.com/errata/RHSA-2015-1924.html
http://rhn.redhat.com/errata/RHSA-2015-1925.html
http://www.debian.org/security/2015/dsa-3361
http://www.debian.org/security/2015/dsa-3362
http://www.openwall.com/lists/oss-security/2015/09/15/3
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/76746
http://www.securitytracker.com/id/1033569
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
https://security.gentoo.org/glsa/201602-01
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2015-09-28T16:00:00

Updated: 2021-11-05T17:02:34

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5279

JSON object: View

NVD Information

Status : Modified

Published: 2015-09-28T16:59:02.270

Modified: 2023-02-13T00:52:48.770

Link: CVE-2015-5279

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-05T17:02:34", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-3361", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3361"}, {"name": "FEDORA-2015-16369", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html"}, {"name": "FEDORA-2015-16370", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html"}, {"name": "[oss-security] 20150915 CVE-2015-5279 Qemu: net: add checks to validate ring buffer pointers", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/15/3"}, {"name": "[Qemu-devel] 20150915 [PULL 2/3] net: add checks to validate ring buffer pointers", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html"}, {"name": "RHSA-2015:1896", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1896.html"}, {"name": "SUSE-SU-2015:1782", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "FEDORA-2015-16368", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"}, {"name": "RHSA-2015:1924", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1924.html"}, {"name": "76746", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76746"}, {"name": "DSA-3362", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3362"}, {"name": "1033569", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033569"}, {"name": "RHSA-2015:1923", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1923.html"}, {"name": "RHSA-2015:1925", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1925.html"}, {"name": "GLSA-201602-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201602-01"}, {"tags": ["x_refsource_MISC"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5279", "datePublished": "2015-09-28T16:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2021-11-05T17:02:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6602DD-7B3E-4AD9-940C-D960B77C41C2", "versionEndIncluding": "2.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n ne2000_receive en hw/net/ne2000.c en QEMU en versiones anteriores a 2.4.0.1, permite a usuarios invitados del SO provocar una denegaci\u00f3n de servicio (ca\u00edda de la instancia) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con la recepci\u00f3n de paquetes."}], "id": "CVE-2015-5279", "lastModified": "2023-02-13T00:52:48.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-28T16:59:02.270", "references": [{"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1896.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1923.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1924.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1925.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3361"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3362"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/09/15/3"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/76746"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1033569"}, {"source": "secalert@redhat.com", "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201602-01"}, {"source": "secalert@redhat.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}