The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html | Mailing List Third Party Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html | Mailing List Third Party Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/09/15/2 | Mailing List Patch Third Party Advisory |
http://www.ubuntu.com/usn/USN-2745-1 | Third Party Advisory |
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html | Mailing List Patch Third Party Advisory |
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html | Mailing List Third Party Advisory |
https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2020-01-23 20:15
Updated : 2024-02-28 17:28
NVD link : CVE-2015-5278
Mitre link : CVE-2015-5278
CVE.ORG link : CVE-2015-5278
JSON object : View
Products Affected
canonical
- ubuntu_linux
arista
- eos
fedoraproject
- fedora
qemu
- qemu
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')