oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite

From: cve-assign () mitre org
Date: Fri, 23 Sep 2016 11:24:07 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. Attackers may leverage it to execute arbitrary
code with privileges of the qemu process on the host.

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html


Yes, this was already assigned CVE-2016-7161. Other references are:

  http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968
  http://patchwork.ozlabs.org/patch/657076/


I created a CVE, but I can't access it. Do you know how to expose the CVE?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7161


This resulted from the https://cveform.mitre.org web site, not an
oss-security post. In that situation, the "Select a request type"
"Notify CVE about a publication" process could have been used. At the
moment, that process is not used for a vulnerability that has an
oss-security post.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX5UhtAAoJEHb/MwWLVhi2S3UP/R3rj9yUK8LxskuVYnFoIwxZ
mUZOJYVo5yTfV416+mFy9JU9ztqk2+JnidQ+iOZ1p3zpc352r6gftyLl0cghu2jx
vzN2OuBeXPBUWsgBLa3fFyNz+7gHTwNO0ISmg11y5717QvGeC00jFcfVCp9awpiS
AvnbVqhVr5LFfN5zrT456r3E1QbcV4gS0bbgob9RYDUf5YNDCelp4iY4jbZV/Ns2
06nrDsz6aWKyXzlebpfyPBpn04HyqiXEUwTkex0HH2YjmH+iDYVdBBYmLwwOSoLY
p+ybpHfETfvL0xIASMPVFHETZmlcS8aeInzJ0726zcYDwxSoWjRsxyJ8Qt2UI0ux
ZpfhFSMWumPhqJbpD37laElxaSxgOdpY61UBW6ZgIMO1wO64v6dRuSMHXSVJXXFs
olOAR5zp5UCLgMW8CBgzAU6DnpnYAzF14O+h+24g3W9DhXmX5oXSdY1FyP1D+Vsq
K7NH87RCygBm9VVXVo5ErGCI08bzJaYSDju9lefEU0ldsq5zGXVCFK7HBhKOpvrT
YGE1uhU1rjS+TtSAuJ2UbqIJBcT9WGGmVNk+Cv1PVvWBvxrUkZiDey9rjQjDm1Ng
YrPX94o+rtn5QGG0T9VDoSBfMmf+5mp5Jkcq34R/ol5k56wpEr5BXyARc8iFj13C
KownOKU8+XCHIPViQvEu
=4P8S
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: