admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3234

Browse Source 
Auto-merge PR#3234
This commit is contained in:
CVE Team 2020-02-12 16:05:16 -05:00 committed by GitHub
commit fadae428e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
2020/1xxx/CVE-2020-1711.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All qemu versions 2.x.x up to and including 2.12.0"
"version_value": "All qemu versions 2.12.0 before 4.2.1"
}
]
}
@ -48,6 +48,16 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711",
"refsource": "CONFIRM"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html",
"refsource": "MISC"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/01/23/3",
"name": "https://www.openwall.com/lists/oss-security/2020/01/23/3",
"refsource": "MISC"
}
]
},
@ -55,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.x.x up to and including 2.12.0 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host."
"value": "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host."
}
]
},