CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:H/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
93.0%
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | 6.0 | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_server_supplementary | 6.1.z | cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.1.z:*:*:*:*:*:*:* |
qemu | qemu | * | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* |
qemu | qemu | 0.15.0 | cpe:2.3:a:qemu:qemu:0.15.0:*:*:*:*:*:*:* |
qemu | qemu | 0.15.0 | cpe:2.3:a:qemu:qemu:0.15.0:rc1:*:*:*:*:*:* |
qemu | qemu | 0.15.0 | cpe:2.3:a:qemu:qemu:0.15.0:rc2:*:*:*:*:*:* |
qemu | qemu | 1.0 | cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:* |
qemu | qemu | 1.0 | cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:* |
qemu | qemu | 1.0 | cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:* |
qemu | qemu | 1.0 | cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:* |