TROYANOSYVIRUS
Back to CVEs

CVE-2015-7512

CRITICAL
9.0

Description

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

CVE Details

CVSS v3.1 Score9.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published1/8/2016
Last Modified4/12/2025
Sourcenvd
Honeypot Sightings0

Affected Products

debian:debian_linuxoracle:linuxqemu:qemuredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_serverredhat:enterprise_linux_workstationredhat:openstackredhat:virtualization

Weaknesses (CWE)

CWE-120

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2015-2694.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2015-2695.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2015-2696.html(secalert@redhat.com)
http://www.debian.org/security/2016/dsa-3469(secalert@redhat.com)
http://www.debian.org/security/2016/dsa-3470(secalert@redhat.com)
http://www.debian.org/security/2016/dsa-3471(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2015/11/30/3(secalert@redhat.com)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html(secalert@redhat.com)
http://www.securityfocus.com/bid/78230(secalert@redhat.com)
http://www.securitytracker.com/id/1034527(secalert@redhat.com)
https://security.gentoo.org/glsa/201602-01(secalert@redhat.com)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2694.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2695.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2696.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3469(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3470(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3471(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2015/11/30/3(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/78230(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034527(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201602-01(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.