Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Qemu emulator built with the IP checksum routines is vulnerable to an OOB read
> access issue. It could occur while computing checksum for TCP/UDP packets, as
> the function uses payload length from the packet without checking against the
> data buffer size.
>
> A user inside guest could use this flaw to read excessive bytes or crash the
> Qemu process resulting in DoS.
>
> https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg00671.html
> https://bugzilla.redhat.com/show_bug.cgi?id=1296567

Use CVE-2016-2857.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=net/checksum.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW3O3wAAoJEL54rhJi8gl56hUP/RyxPOoTlX09iR6D5mvAkzdX
OZSZuybX3W9X4kkZj4+TXUEAQxEBY7AN1j2QY3uPwb9N9QVXUF827vy+WLiXV0SG
dIYHazeMKeGd5fLthf/DI1PFXxtezOkPkBmE33jlX8bn5O9zpcoSATSl8HKqQQCh
iMdgOf1q1Y7rzz+qQrCbXZTKk7R9j5Q3hLkX8TaMlhdo9sUZwAaxiEuRIbGeuqds
7Id2nu1wfeOy4tptpEzfSYp6d8E9t2VHpnNnL3U5iFrdwc6SnKuKu0okwEIpnHJ3
mDb2FH2SPj2SWO4rdsJh/9WIzL6IvfELwq2tLp5aAsIDIsEgF68/0eawGID9wBDL
+Am7yUyqvogKrFfWYRNo74adbRRsO5Jzda8+MMFvuCGctIHRZCXUSNd7GOHCdkia
FMB7pcfAAZN/GPfAdVHpEZfk4aZqmy3iF28z7kOhFSalw74QQXTbAcoZiybyOJmh
ADcEnIoDfvWhxUG3DBocf05a+5Pp1qLNbvYl9NzBEDkNJxcgVQEnMr4gN/QyFXDI
At/gfwOEh3oCDN3mGvUk9d1lIDuu7yARXVcAPsrePHbpB9bmFLEgQRw0SCg+ezFe
QgdYHQ2dquUBcuTcIrT5wDVGgKNwuCyf+h3PZwMXhIFEcTZJyQgldfJXXiXHfpX+
Ggfm4NI0fXZ8NtgMHo2P
=ObQr
-----END PGP SIGNATURE-----