FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2015-5279

This CVE name corresponds to:

Entered Topic
2016-01-02 qemu -- denial of service vulnerabilities in NE2000 NIC support

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2015-5279 at cve.mitre.org

Details

Type Candidate
Name CVE-2015-5279
Phase Assigned(20150701)

Description

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

References

Source Reference
MLIST [Qemu-devel] 20150915 [PULL 2/3] net: add checks to validate ring buffer pointers
MLIST [oss-security] 20150915 CVE-2015-5279 Qemu: net: add checks to validate ring buffer pointers
CONFIRM http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755
SECTRACK 1033569

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.