Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistRedhatCVELIST:CVE-2021-3527
HistoryMay 26, 2021 - 9:13 p.m.

CVE-2021-3527

2021-05-2621:13:56
CWE-770
redhat
www.cve.org

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.3%

JSON

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.

CNA Affected

[
  {
    "product": "QEMU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

Related

cve 1
redhatcve 1
cbl_mariner 1
ubuntucve 1
debiancve 1
alpinelinux 1
veracode 1
nvd 1
prion 1
osv 4
nessus 28
openvas 24
amazon 1
debian 2
suse 4
oraclelinux 2
ubuntu 1
gentoo 1
cve
cve
CVE-2021-3527
2021-05-26 22:15:08
redhatcve
redhatcve
CVE-2021-3527
2021-04-30 18:00:06
cbl_mariner
cbl_mariner
CVE-2021-3527 affecting package qemu-kvm 4.2.0-48
2021-07-08 21:56:54
ubuntucve
ubuntucve
CVE-2021-3527
2021-05-26 00:00:00
debiancve
debiancve
CVE-2021-3527
2021-05-26 22:15:08
alpinelinux
alpinelinux
CVE-2021-3527
2021-05-26 22:15:08
veracode
veracode
Denial Of Service (DoS)
2021-05-06 15:01:18
nvd
nvd
CVE-2021-3527
2021-05-26 22:15:08
prion
prion
Design/Logic Flaw
2021-05-26 22:15:00
osv
osv
CVE-2021-3527
2021-05-26 22:15:08
qemu - security update
2021-09-01 00:00:00
qemu vulnerabilities
2021-07-15 17:53:50
nessus
nessus
EulerOS Virtualization 3.0.2.2 : qemu-kvm (EulerOS-SA-2023-1289)
2023-01-30 00:00:00
EulerOS Virtualization 3.0.2.0 : qemu (EulerOS-SA-2021-2844)
2021-12-29 00:00:00
Debian DLA-2753-1 : qemu - LTS security update
2021-09-03 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2023-1289)
2023-01-31 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-1154)
2022-02-13 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-2844)
2021-12-30 00:00:00
amazon
amazon
Medium: qemu
2023-05-25 17:41:00
debian
debian
[SECURITY] [DLA 2753-1] qemu security update
2021-09-02 18:40:09
[SECURITY] [DLA 3099-1] qemu security update
2022-09-05 03:28:05
suse
suse
Security update for qemu (moderate)
2021-08-27 00:00:00
Security update for qemu (moderate)
2021-08-20 00:00:00
Security update for qemu (important)
2021-11-04 00:00:00
oraclelinux
oraclelinux
qemu security update
2021-08-17 00:00:00
virt:kvm_utils security update
2021-12-01 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2021-07-15 00:00:00
gentoo
gentoo
QEMU: Multiple Vulnerabilities
2022-08-14 00:00:00

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.3%

JSON
Related for CVELIST:CVE-2021-3527
cve1redhatcve1cbl_mariner1ubuntucve1debiancve1alpinelinux1veracode1nvd1prion1osv4nessus28openvas24amazon1debian2suse4oraclelinux2ubuntu1gentoo1