PRIOn knowledge basePRION:CVE-2014-0146

HistoryAug 10, 2017 - 3:29 p.m.

Null pointer dereference

2017-08-1015:29:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.4%

JSON

The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.

CPENameOperatorVersion
qemule1.7.1
qemueq2.0.0 rc0
qemueq2.0.0 rc1
qemueq2.0.0 rc2
qemueq2.0.0 rc3

Name	Operator	Version
qemu	le	1.7.1
qemu	eq	2.0.0 rc0
qemu	eq	2.0.0 rc1
qemu	eq	2.0.0 rc2
qemu	eq	2.0.0 rc3

References

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=11b128f4062dd7f89b14abc8877ff20d41b28be9

rhn.redhat.com/errata/RHSA-2014-0420.html

rhn.redhat.com/errata/RHSA-2014-0421.html

www.debian.org/security/2014/dsa-3044

www.openwall.com/lists/oss-security/2014/03/26/8

bugzilla.redhat.com/show_bug.cgi?id=1078232