CVE-2014-0146

CVSS V2 Low 1.9 CVSS V3 Medium 5.5
Description
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
Overview
  • CVE ID
  • CVE-2014-0146
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2017-08-10T15:29:00
  • Last Modified Date
  • 2023-02-13T00:32:55
Weakness Enumerations
CWE URL
CWE-476 http://cwe.mitre.org/data/definitions/476.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* 1 OR 1.7.1
cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:* 1 OR
cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:M/Au:N/C:N/I:N/A:P
  • Access Vector
  • LOCAL
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • PARTIAL
  • Base Score
  • 1.9
  • Severity
  • LOW
  • Exploitability Score
  • 3.4
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 5.5
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 1.8
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=11b128f4062dd7f89b14abc8877ff20d41b28be9
http://rhn.redhat.com/errata/RHSA-2014-0420.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0421.html Third Party Advisory
http://www.debian.org/security/2014/dsa-3044
http://www.openwall.com/lists/oss-security/2014/03/26/8 Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0420
https://access.redhat.com/errata/RHSA-2014:0421
https://access.redhat.com/errata/RHSA-2014:0434
https://access.redhat.com/errata/RHSA-2014:0435
https://access.redhat.com/errata/RHSA-2014:0674
https://access.redhat.com/security/cve/CVE-2014-0146
https://bugzilla.redhat.com/show_bug.cgi?id=1078232 Issue Tracking Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2014-0146
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0146
History
Created Old Value New Value Data Type Notes
2022-05-10 08:12:43 Added to TrackCVE
2022-12-02 19:51:34 2017-08-10T15:29Z 2017-08-10T15:29:00 CVE Published Date updated
2022-12-02 19:51:34 2017-11-04T01:29:00 CVE Modified Date updated
2022-12-02 19:51:34 Modified Vulnerability Status updated
2023-02-02 21:06:21 2023-02-02T20:16:30 CVE Modified Date updated
2023-02-02 21:06:22 The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. CVE-2014-0146 Qemu: qcow2: NULL dereference in qcow2_open() error path Description updated
2023-02-02 21:06:24 References updated
2023-02-13 01:07:09 2023-02-13T00:32:55 CVE Modified Date updated
2023-02-13 01:07:10 CVE-2014-0146 Qemu: qcow2: NULL dereference in qcow2_open() error path The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. Description updated