CVE-2016-7161
Advisory lineage Upstream: 0 Downstream: 11
Modified
Published: 05 Oct 2016, 16:00
Last modified:06 Aug 2024, 01:50
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
10 HIGH
v2.0 (nvd)
EPSS Score
16.71% MEDIUM
17% probability -3.49%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Oct 2016, 16:00
Published
Vulnerability first disclosed
06 Aug 2024, 01:50
Last Modified
Vulnerability information updated
Description
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 10AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 16.71%• Percentile: 95%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Affected Systems
- debian•debian_linux
8.0
- qemu•qemu
≤ 2.6.2 | 2.7.0:rc0 | 2.7.0:rc1 | 2.7.0:rc2
References (9)
- http://www.openwall.com/lists/oss-security/2016/09/23/6
- https://security.gentoo.org/glsa/201611-11
- http://www.openwall.com/lists/oss-security/2016/09/23/8
- https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
- https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html
- http://www.securityfocus.com/bid/93141
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a0d1cbdacff5df4ded16b753b38fdd9da6092968
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html