FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerability in Human Monitor Interface support

Affected packages
0 <= qemu
0 <= qemu-devel
qemu-sbruno < 2.5.50.g20160213
qemu-user-static < 2.5.50.g20160213

Details

VuXML ID 62ab8707-b1bc-11e5-9728-002590263bf5
Discovery 2015-12-23
Entry 2016-01-03
Modified 2016-02-13

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the Human Monitor Interface(HMP) support is vulnerable to an OOB write issue. It occurs while processing 'sendkey' command in hmp_sendkey routine, if the command argument is longer than the 'keyname_buf' buffer size.

A user/process could use this flaw to crash the Qemu process instance resulting in DoS.

References

CVE Name CVE-2015-8619
FreeBSD PR ports/205813
FreeBSD PR ports/205814
URL http://git.qemu.org/?p=qemu.git;a=commit;h=64ffbe04eaafebf4045a3ace52a360c14959d196
URL http://www.openwall.com/lists/oss-security/2015/12/22/8
URL https://github.com/seanbruno/qemu-bsd-user/commit/64ffbe04eaafebf4045a3ace52a360c14959d196
URL https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html