Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-4002
HistoryApr 26, 2016 - 12:00 a.m.

CVE-2016-4002

2016-04-2600:00:00
ubuntu.com
ubuntu.com
28
qemu
buffer overflow
mipsnet receive
remote attackers
memory corruption
crash
execute arbitrary code
large packets

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.056

Percentile

93.5%

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in
QEMU, when the guest NIC is configured to accept large packets, allows
remote attackers to cause a denial of service (memory corruption and QEMU
crash) or possibly execute arbitrary code via a packet larger than 1514
bytes.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchqemu< 2.0.0+dfsg-2ubuntu1.24UNKNOWN
ubuntu15.10noarchqemu< 1:2.3+dfsg-5ubuntu9.4UNKNOWN
ubuntu16.04noarchqemu< 1:2.5+dfsg-5ubuntu10.1UNKNOWN
ubuntu12.04noarchqemu-kvm< 1.0+noroms-0ubuntu14.28UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.056

Percentile

93.5%