qemu: ccid: buffer overflow in handling of VSC_ATR message

Buffer overflow in the ccidcardvscardhandlemessage function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted VSCATR message...

PT-2014-2164 · Qemu +2 · Qemu +2

Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 0.15.2 QEMU versions 1.x prior to 1.0-rc4 Description: The issue is related to a buffer overflow in the ccid card vscard handle message function, which can be triggered by a crafted VSC ATR message. This could lead to a...