CVE-2016-7161 - OpenCVE

Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:2.7.0:rc0::::::
	cpe:2.3:a:qemu:qemu:2.7.0:rc1::::::
	cpe:2.3:a:qemu:qemu:2.7.0:rc2::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a0d1cbdacff5df4ded16b753b38fdd9da6092968
http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/23/6	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/23/8	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/93141	Broken Link Third Party Advisory VDB Entry
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html	Mailing List Patch Vendor Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html	Mailing List Patch Vendor Advisory
https://security.gentoo.org/glsa/201611-11	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-05T16:00:00

Updated: 2018-12-01T10:57:01

Reserved: 2016-09-08T00:00:00

Link: CVE-2016-7161

JSON object: View

NVD Information

Status : Modified

Published: 2016-10-05T16:59:05.743

Modified: 2023-11-07T02:34:15.870

Link: CVE-2016-7161

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-09T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-01T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20160923 CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/23/6"}, {"name": "GLSA-201611-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201611-11"}, {"name": "[oss-security] 20160923 Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/23/8"}, {"name": "[qemu-devel] 20160809 [PULL 3/3] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html"}, {"name": "openSUSE-SU-2016:3237", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"}, {"name": "[qemu-devel] 20160809 [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html"}, {"name": "93141", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93141"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a0d1cbdacff5df4ded16b753b38fdd9da6092968"}, {"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7161", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20160923 CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/23/6"}, {"name": "GLSA-201611-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201611-11"}, {"name": "[oss-security] 20160923 Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/23/8"}, {"name": "[qemu-devel] 20160809 [PULL 3/3] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html"}, {"name": "openSUSE-SU-2016:3237", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"}, {"name": "[qemu-devel] 20160809 [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html"}, {"name": "93141", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93141"}, {"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968", "refsource": "CONFIRM", "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968"}, {"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7161", "datePublished": "2016-10-05T16:00:00", "dateReserved": "2016-09-08T00:00:00", "dateUpdated": "2018-12-01T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CF78B06-34D3-4BF8-883B-7B9643BBA7CE", "versionEndIncluding": "2.6.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "FA78F261-DEB3-46D5-9998-106F6210755E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F121048B-9387-40C6-A919-7F9A4A847EA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "7A102329-A5FB-4B9C-9094-BDA595807A56", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memor\u00eda din\u00e1mica en la llamada de retorno .receive de xlnx.xps-ethernetlite en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a atacantes ejecutar c\u00f3digo arbitrario en el anfitri\u00f3n QEMU a trav\u00e9s de un paquete ethlite grande."}], "id": "CVE-2016-7161", "lastModified": "2023-11-07T02:34:15.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-05T16:59:05.743", "references": [{"source": "cve@mitre.org", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a0d1cbdacff5df4ded16b753b38fdd9da6092968"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/23/6"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/23/8"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93141"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201611-11"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}