CVE-2012-6075

CVSS V2 High 9.3 CVSS V3 None
Description
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
Overview
  • CVE ID
  • CVE-2012-6075
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2013-02-13T01:55:03
  • Last Modified Date
  • 2023-02-13T04:37:52
Weakness Enumerations
CWE URL
CWE-120 http://cwe.mitre.org/data/definitions/120.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* 1 OR 1.3.0
AND
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:* 1 OR
AND
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html Patch Third Party Advisory
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb Patch Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html Third Party Advisory
http://www.ubuntu.com/usn/USN-1692-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=889301 Issue Tracking Third Party Advisory
http://www.securityfocus.com/bid/57420 Third Party Advisory VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/30/1 Mailing List Third Party Advisory
http://www.debian.org/security/2013/dsa-2608 Third Party Advisory
http://www.debian.org/security/2013/dsa-2607 Third Party Advisory
http://www.debian.org/security/2013/dsa-2619 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0610.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0599.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0609.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0639.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0608.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html Third Party Advisory
http://secunia.com/advisories/55082 Third Party Advisory
http://security.gentoo.org/glsa/glsa-201309-24.xml Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2012-6075
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075
History
Created Old Value New Value Data Type Notes
2022-05-10 17:23:39 Added to TrackCVE
2023-02-13 05:05:22 2023-02-13T04:37:52 CVE Modified Date updated
2023-02-13 05:05:22 Analyzed Modified Vulnerability Status updated