Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Sep 2016 09:48:07 +0000
From: Hu Chaojian <chaojianhu@...mail.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE request Qemu: hw: net: Fix a heap overflow in
 xlnx.xps-ethernetlite

The .receive callback of xlnx.xps-ethernetlite doesn't check the length

of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. Attackers may leverage it to execute arbitrary

code with privileges of the qemu process on the host.


Upstream patches:

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html<https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.htmlhttps://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html>

This issue was discovered by chaojianhu<chaojianhu@...mail.com>

Thanks,

Chaojian Hu


-------------------------------------------------------------------------------------------

p.s.

Alistair (the code maintainer) have requested a cve id for this vulnerability.


>>Hello chaojianhu,

>>I created a CVE, but I can't access it. Do you know how to expose the CVE?

>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7161

>>Thanks,

>>Alistair


But there seems a small problem.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.