{
  "id": "CVE-2024-24474",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-20T18:15:52.463",
  "lastModified": "2024-06-10T16:15:12.127",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len."
    },
    {
      "lang": "es",
      "value": "QEMU anterior a 8.2.0 tiene un desbordamiento de n\u00famero entero y un desbordamiento de b\u00fafer resultante, a trav\u00e9s de un comando TI cuando una longitud de transferencia esperada que no es DMA es menor que la longitud de los datos FIFO disponibles. Esto ocurre en esp_do_nodma en hw/scsi/esp.c debido a un desbordamiento insuficiente de async_len."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://gitlab.com/qemu-project/qemu/-/issues/1810",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://security.netapp.com/advisory/ntap-20240510-0012/",
      "source": "cve@mitre.org"
    }
  ]
}