oss-sec mailing list archives
CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine
From: P J P <ppandit () redhat com>
Date: Wed, 23 Dec 2015 01:48:09 +0530 (IST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,Qemu emulator built with the Human Monitor Interface(HMP) support is vulnerable to an OOB write issue. It occurs while processing 'sendkey' command in hmp_sendkey routine, if the command argument is longer than the 'keyname_buf' buffer size.
A user/process could use this flaw to crash the Qemu process instance resulting in DoS.
Upstream fix: - ------------- -> https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html Reference: - ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1283926 This issue was discovered by Mr Ling Liu of Qihoo 360 Inc. Thank you. - -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWebACAAoJEN0TPTL+WwQfKkEP/R/yWa0pC7a1nky6EWrcuuKC d4Sd9cN0q4LjOGAZB+Csfb33HWWbnRZWKiBQuc9v0Ivh4xE7rP605Hh+it+mYzA6 YCt5vnT0tmwSf6Uq4gS+Ap1G1L7e0aVq/8SaPkaIT59nFfDRRVMPD6xBMy/ZBftT ilKmR7O4aE8xK5IvZY2Q857ywrp0FkLzH5MFKrU9aFqSWshtEl+E27cQZoaNPY6q B39m1ZY0mW5d0JBJiq5RZbz9qBqKNqTFumQ9femE6uzPlxwVDvWEt8QAhl6EuxXh QU+zVoD+nrA7EFZL96cdKHcZEgyF+tCOkyA80wF/fHzPM+wRpWWbydgFCXS13ChN L8jGvMIRAhx+leIinpXj/fDDtXrcCFxf8XoE+G0THYoF6SCw2ukh5FBXUWKL1Wsi VL1tsVgZdemdGX/PifZ7WrZHyvjb9xJg1uLZctCuXRLNZe5f/EZlXrdSAdc6HsJH a/+i3o1SSJ8RHFBLn1Ve+bldEmJFA7cEJPB9nz8lRj77A8Pivy10+38Nfuuo9kXy dEL6mlfq2JrMp7pgGgIVtJChjH0+mwETrkUd/yYPgp1AmTBLkum7M76Jxwli7AVX OFRfGAmEUxnzXs6cJSP4tW1QXidUHsSwOCInZpiRNweU/azBtsrK6EexQIx0IceJ egafyYsnZIEpcKyeGrld =j7pK -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine P J P (Dec 22)
- Re: CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine cve-assign (Dec 22)