CVE-2015-5745

Severity CVSS v4.0:
Pending analysis
Type:
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
23/01/2020
Last modified:
20/02/2022

Description

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* 2.4.0 (excluding)
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*