Vulnerability Details : CVE-2014-3640
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2014-3640
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3640
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3640
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2014-3640
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3640
-
http://www.debian.org/security/2014/dsa-3045
Debian -- Security Information -- DSA-3045-1 qemuThird Party Advisory
-
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html
Re: [Qemu-devel] [Qemu-stable] [PATCH v2] slirp: udp: fix NULL pointer dPatch;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-0349.html
RHSA-2015:0349 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html
Re: [Qemu-devel] [PATCH v2] slirp: udp: fix NULL pointer dereference becPatch;Vendor Advisory
-
http://www.debian.org/security/2014/dsa-3044
Debian -- Security Information -- DSA-3044-1 qemu-kvm
-
http://rhn.redhat.com/errata/RHSA-2015-0624.html
RHSA-2015:0624 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
[Qemu-devel] [PATCH v2] slirp: udp: fix NULL pointer dereference becausePatch;Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1144818
1144818 – (CVE-2014-3640) CVE-2014-3640 qemu: slirp: NULL pointer deref in sosendto()Issue Tracking
-
http://www.ubuntu.com/usn/USN-2409-1
USN-2409-1: QEMU vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to