CVE-2015-3209

Published Jun 15, 2015
Last updated 3 months ago
CVSS info 7.5
Overview

Description: Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
Source: secalert@redhat.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-787
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19E6775C-BA58-4D7E-96AB-9283C99D9641",
            "versionEndIncluding": "2.3.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6133CA80-A291-487F-AE06-85D4AA154727",
            "versionEndIncluding": "15.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "319EC0C6-94C5-494A-9C5D-DC5124DFC8E1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3"
          },
          {
            "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDDF9823-D999-41A4-BB7B-A63C00ACE11B"
          },
          {
            "criteria": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51F7426A-46F7-4BE0-806F-F4598C8B0426"
          },
          {
            "criteria": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7F71EBA-27AC-464B-8708-4E8971BC75A7"
          },
          {
            "criteria": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8705CF80-DEFC-4425-8E23-D98FFD678157"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
