CVE-2020-13362

🗓️ 28 May 2020 14:35:24Reported by mitreType

QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user

Reporter	Title	Published	Views	Family All 112
AlpineLinux	CVE-2020-13362	28 May 202014:35	–	alpinelinux
CBLMariner	CVE-2020-13362 affecting package qemu-kvm 4.2.0-48	30 Nov 202019:31	–	cbl_mariner
Circl	CVE-2020-13362	28 May 202018:55	–	circl
CNVD	QEMU Buffer Overflow Vulnerability (CNVD-2020-31088)	29 May 202000:00	–	cnvd
Cvelist	CVE-2020-13362	28 May 202014:35	–	cvelist
Debian	[SECURITY] [DLA 2262-1] qemu security update	29 Jun 202020:49	–	debian
Debian	[SECURITY] [DLA 2288-1] qemu security update	26 Jul 202011:51	–	debian
Debian	[SECURITY] [DSA 4728-1] qemu security update	19 Jul 202018:01	–	debian
Debian CVE	CVE-2020-13362	28 May 202014:35	–	debiancve
Tenable Nessus	Debian DLA-2262-1 : qemu security update	30 Jun 202000:00	–	nessus

NVD

Node

qemu qemuRange≤5.0.0

Node

Node

Node

Source	Link
openwall	www.openwall.com/lists/oss-security/2020/05/28/2
lists	www.lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html
lists	www.lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html
lists	www.lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html
usn	www.usn.ubuntu.com/4467-1/
security	www.security.gentoo.org/glsa/202011-09
security	www.security.netapp.com/advisory/ntap-20200608-0003/
lists	www.lists.debian.org/debian-lts-announce/2020/06/msg00032.html
lists	www.lists.debian.org/debian-lts-announce/2020/07/msg00020.html
security-tracker	www.security-tracker.debian.org/tracker/CVE-2020-13362

21 Nov 2024 05:01Current

4.7Medium risk

Vulners AI Score4.7

CVSS 22.1

CVSS 3.13.2

EPSS0.0008