[Secure-testing-team] Bug#809237: CVE-2015-8619: hmp: stack based OOB write in hmp_sendkey routine
Michael Tokarev
mjt at tls.msk.ru
Mon Dec 28 15:27:00 UTC 2015
Source: qemu
Version: 1.3.0+dfsg-1
Severity: important
Tags: security patch upstream
CVE-2015-8619 has been reported against qemu:
Qemu emulator built with the Human Monitor Interface (HMP) support
is vulnerable to an OOB write issue. It occurs while processing
'sendkey' command in hmp_sendkey routine, if the command argument
is longer than the 'keyname_buf' buffer size.
A user/process could use this flaw to crash the Qemu process instance
resulting in DoS.
The function hmp_sendkey, together with this vulnerability, was introduced
upstream after version 1.2.0 (e4c8f004c55d9da3eae3e14df740238bf805b5d6).
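
The bug class described in the report, shown as an added example that is not part of the original message and is not QEMU source: a simplified model of a sendkey-style parser that copies each '-'-separated key name into a fixed stack buffer only after checking its length. The function name parse_sendkey_arg, the 16-byte buffer size and the 8-key limit are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEYNAME_BUF_SIZE 16   /* assumed size; the report does not state it */
#define MAX_KEYS 8            /* assumed limit for this model */

/*
 * Hypothetical model of a sendkey-style argument parser (not QEMU code).
 * Splits e.g. "ctrl-alt-f1" on '-' and copies each key name through a
 * fixed-size stack buffer. Returns the number of key names parsed, or -1
 * if the argument is rejected.
 */
int parse_sendkey_arg(const char *keys, char names[MAX_KEYS][KEYNAME_BUF_SIZE])
{
    int count = 0;

    while (1) {
        const char *sep = strchr(keys, '-');
        size_t len = sep ? (size_t)(sep - keys) : strlen(keys);
        char keyname_buf[KEYNAME_BUF_SIZE];

        /* Length check of the kind whose absence gives the OOB write in
         * the report: without it, the memcpy and the terminator below
         * write past keyname_buf for a name longer than the buffer. */
        if (len == 0 || len >= sizeof(keyname_buf)) {
            return -1;
        }
        if (count == MAX_KEYS) {
            return -1;              /* more names than the caller can hold */
        }
        memcpy(keyname_buf, keys, len);
        keyname_buf[len] = '\0';
        memcpy(names[count++], keyname_buf, len + 1);

        if (!sep) {
            return count;           /* last name consumed */
        }
        keys = sep + 1;
    }
}

int main(void)
{
    char names[MAX_KEYS][KEYNAME_BUF_SIZE];
    /* Constructed inputs: a valid combination and an over-long name. */
    printf("%d\n", parse_sendkey_arg("ctrl-alt-f1", names));
    printf("%d\n", parse_sendkey_arg("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", names));
    return 0;
}
```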