DEBIAN-CVE-2020-29443

Advisory lineage Upstream: 1 Downstream: 2
Upstream
CVE-2020-29443
Published: 26 Jan 2021, 18:15
Last modified:28 Apr 2026, 20:18

Vulnerability Summary

Overall Risk (default)
low
16/100
CVSS Score
3.9 LOW
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

26 Jan 2021, 18:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:18
Last Modified
Vulnerability information updated

Description

ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.

CVSS Metrics

  • v3.1LOWScore: 3.9CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

Affected Systems

  • debianqemu

    < 1:5.2+dfsg-11 | < 1:5.2+dfsg-11 | < 1:5.2+dfsg-11 | < 1:5.2+dfsg-11

References (1)