Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 17 Aug 2016 23:38:40 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, liqiang6-s@....cn
Subject: Re: CVE request Qemu: an infinite loop during packet fragmentation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support,
> with network abstraction layer is vulnerable to an infinite loop issue.
> It could occur while fragmenting packets in the device.
> 
> A privileged user inside guest could use this flaw to crash the Qemu instance
> resulting in DoS.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
> http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
> 
> It is susceptible
> to an infinite loop, if the current fragment length is zero.

Use CVE-2016-6834.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXtSWUAAoJEHb/MwWLVhi2Y/sP/jxwMXiQrfXymrc2Ol3PCKxA
S7jTAlxSjG8DCH3T20nblB4NBdN7JXdKhywmZVs24zFsVGUA6zHD+JFduMROpQzv
p5GYv2WveqUGlgz0X96q6cIJOQh+iTwlw4SKcUxexK1iGGr/LrU9BTG+aIHLrOYe
t2UBHt0avx9Sfy8PCWljU+xrLTzU1IULd0fU/qaBXrn5GMweo79JPnIPMq7bAx/1
uUUod8hRnoEv04Pstv6k46NoF1IW0SFNol8i6NcZhxaGqD8viUmIaBoeSvfF3I6o
xWK5NNoiROKXGgfzhqt/q3i9KurVwnaDFV5ZPeVPb0mss0HWB4Gloo9MdMa4fBAf
UmHp2/mkIHqkJv9lqDidW2Qt+D9c5yJ/92f6Ym9hKX26Q1+UaD/MpJT5OXsj4Otu
VcMR3tPjaSh3h9xYjmONBkbMmkum09KSTvfhGtssiQaAiTP18T60adLGGIPwBj/d
gcVOANLF0gr4DlxYn0H0hD90Mw3eGK0ShU9Ny/K81z7hcUA8T/T4QVuFR7Va5tvJ
USmd+HPrZzQcqeRV0oYmDqio+Dg9V8+0LrYILxA82+qv3w+/BoaEmYPkxFqNRleH
6TPWLlewziXb14goepC7TAnUyPHTKxYkuOFqEXdaeGEW2X8KqDv1DwQy4sKCTFBj
Ic0SqC5GnEEgFlo70OHN
=59XJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.