CVE-2014-3640
Description
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a UDP packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-3640
Vendor advisory: secalert@redhat.com — http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html
Vendor advisory: secalert@redhat.com — http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html
Vendor advisory: secalert@redhat.com — http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | 7.0 | affected | |
| ubuntu | 10.04 | affected | |
| ubuntu | 12.04 | affected | |
| ubuntu | 14.04 | affected | |
| ubuntu | 14.10 | affected | |
| rhel | 7.0 | affected | |
| debian | bookworm | fixed | 2.1+dfsg-5 |
| debian | bullseye | fixed | 2.1+dfsg-5 |
| debian | forky | fixed | 2.1+dfsg-5 |
| debian | sid | fixed | 2.1+dfsg-5 |
| debian | trixie | fixed | 2.1+dfsg-5 |
References
- http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
- http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html
- http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html
- http://rhn.redhat.com/errata/RHSA-2015-0349.html
- http://rhn.redhat.com/errata/RHSA-2015-0624.html
- http://www.debian.org/security/2014/dsa-3044
- http://www.debian.org/security/2014/dsa-3045
- http://www.ubuntu.com/usn/USN-2409-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1144818
- https://security-tracker.debian.org/tracker/CVE-2014-3640
CWEs
CWE-476