ID CVE-2014-3640
Summary The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
CVSS
Base: 2.1 (as of 13-02-2023 - 00:41)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2015:0349
  • rhsa
    id RHSA-2015:0624
rpms
  • libcacard-10:1.5.3-86.el7
  • libcacard-devel-10:1.5.3-86.el7
  • libcacard-tools-10:1.5.3-86.el7
  • qemu-img-10:1.5.3-86.el7
  • qemu-kvm-10:1.5.3-86.el7
  • qemu-kvm-common-10:1.5.3-86.el7
  • qemu-kvm-debuginfo-10:1.5.3-86.el7
  • qemu-kvm-tools-10:1.5.3-86.el7
  • libcacard-devel-rhev-10:2.1.2-23.el7
  • libcacard-rhev-10:2.1.2-23.el7
  • libcacard-tools-rhev-10:2.1.2-23.el7
  • qemu-img-rhev-10:2.1.2-23.el7
  • qemu-kvm-common-rhev-10:2.1.2-23.el7
  • qemu-kvm-rhev-10:2.1.2-23.el7
  • qemu-kvm-rhev-debuginfo-10:2.1.2-23.el7
  • qemu-kvm-tools-rhev-10:2.1.2-23.el7
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1144818
debian
  • DSA-3044
  • DSA-3045
mlist
  • [Qemu-devel] 20140918 [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket
  • [Qemu-devel] 20140923 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket
  • [Qemu-devel] 20140924 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket
ubuntu USN-2409-1
Last major update 13-02-2023 - 00:41
Published 07-11-2014 - 19:55
Last modified 13-02-2023 - 00:41
Back to Top