CVE-2015-5225

CVSS V2 High 7.2 CVSS V3 None
Description
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
Overview
  • CVE ID
  • CVE-2015-5225
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2015-11-06T21:59:05
  • Last Modified Date
  • 2023-02-13T00:52:24
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* 1 OR 2.4.0
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.2
  • Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 10
History
Created Old Value New Value Data Type Notes
2022-05-10 08:12:41 Added to TrackCVE
2022-12-02 07:07:34 2015-11-06T21:59Z 2015-11-06T21:59:05 CVE Published Date updated
2022-12-02 07:07:34 2017-11-04T01:29:06 CVE Modified Date updated
2022-12-02 07:07:34 Modified Vulnerability Status updated
2023-02-02 17:05:12 2023-02-02T15:17:06 CVE Modified Date updated
2023-02-02 17:05:13 Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host. Description updated
2023-02-02 17:05:17 References updated
2023-02-13 01:06:17 2023-02-13T00:52:24 CVE Modified Date updated
2023-02-13 01:06:17 A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host. Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. Description updated