CVE-2010-0297 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.2 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Affected Products (NVD)

Vendor	Product	Version
qemu	qemu	𝑥 ≤ 0.11.0
qemu	qemu	0.1.0
qemu	qemu	0.1.1
qemu	qemu	0.1.2
qemu	qemu	0.1.3
qemu	qemu	0.1.4
qemu	qemu	0.1.5
qemu	qemu	0.1.6
qemu	qemu	0.2.0
qemu	qemu	0.3.0
qemu	qemu	0.4.0
qemu	qemu	0.4.1
qemu	qemu	0.4.2
qemu	qemu	0.4.3
qemu	qemu	0.5.0
qemu	qemu	0.5.1
qemu	qemu	0.5.2
qemu	qemu	0.5.3
qemu	qemu	0.5.4
qemu	qemu	0.5.5
qemu	qemu	0.6.0
qemu	qemu	0.6.1
qemu	qemu	0.7.0
qemu	qemu	0.7.1
qemu	qemu	0.7.2
qemu	qemu	0.8.0
qemu	qemu	0.8.1
qemu	qemu	0.8.2
qemu	qemu	0.9.0
qemu	qemu	0.9.1
qemu	qemu	0.9.1-5
qemu	qemu	0.10.0
qemu	qemu	0.10.1
qemu	qemu	0.10.2
qemu	qemu	0.10.3
qemu	qemu	0.10.4
qemu	qemu	0.10.5
qemu	qemu	0.10.6
qemu	qemu	0.11.0-rc0
qemu	qemu	0.11.0-rc1
qemu	qemu	0.11.0-rc2

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

kvm

dapper	dne
hardy	ignored
intrepid	ignored
jaunty	ignored
karmic	dne
lucid	dne
maverick	dne
natty	dne

qemu-kvm

dapper	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	ignored
lucid	not-affected
maverick	not-affected
natty	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f

http://marc.info/?l=oss-security&m=126510479211473&w=2

http://marc.info/?l=oss-security&m=126527304127254&w=2

http://wiki.qemu.org/ChangeLog

http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html

http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html

http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html

http://www.securityfocus.com/bid/38158

https://bugzilla.redhat.com/show_bug.cgi?id=557025

https://exchange.xforce.ibmcloud.com/vulnerabilities/56194

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786

https://rhn.redhat.com/errata/RHSA-2010-0088.html

http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f

http://marc.info/?l=oss-security&m=126510479211473&w=2

http://marc.info/?l=oss-security&m=126527304127254&w=2

http://wiki.qemu.org/ChangeLog

http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html

http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html

http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html

http://www.securityfocus.com/bid/38158

https://bugzilla.redhat.com/show_bug.cgi?id=557025

https://exchange.xforce.ibmcloud.com/vulnerabilities/56194

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786

https://rhn.redhat.com/errata/RHSA-2010-0088.html