CVE-2012-6075

2013-02-1301:55:00

CWE-120

[email protected]

web.nvd.nist.gov

cve-2012-6075

buffer overflow

e1000

qemu

denial of service

remote code execution

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.023 Low

EPSS

Percentile

89.6%

JSON

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

CPENameOperatorVersion
qemu:qemuqemult1.3.0
fedoraproject:fedorafedoraproject fedoraeq17
fedoraproject:fedorafedoraproject fedoraeq16
fedoraproject:fedorafedoraproject fedoraeq18
suse:linux_enterprise_serversuse linux enterprise servereq11
opensuse:opensuseopensuseeq12.2
opensuse:opensuseopensuseeq12.1
redhat:enterprise_linux_serverredhat enterprise linux servereq5.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq5.0
redhat:enterprise_linux_server_ausredhat enterprise linux server auseq6.4

CPE	Name	Operator	Version
qemu:qemu	qemu	lt	1.3.0
fedoraproject:fedora	fedoraproject fedora	eq	17
fedoraproject:fedora	fedoraproject fedora	eq	16
fedoraproject:fedora	fedoraproject fedora	eq	18
suse:linux_enterprise_server	suse linux enterprise server	eq	11
opensuse:opensuse	opensuse	eq	12.2
opensuse:opensuse	opensuse	eq	12.1
redhat:enterprise_linux_server	redhat enterprise linux server	eq	5.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	5.0
redhat:enterprise_linux_server_aus	redhat enterprise linux server aus	eq	6.4