CVE-2016-6834 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.4 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Affected Products (NVD)

Vendor	Product	Version
qemu	qemu	𝑥 ≤ 2.6.2
qemu	qemu	2.7.0:rc0
qemu	qemu	2.7.0:rc1
qemu	qemu	2.7.0:rc2
debian	debian_linux	8.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qemu

bookworm	1:7.2+dfsg-7+deb12u7 fixed
bullseye	1:5.2+dfsg-11+deb11u3 fixed
bullseye (security)	1:5.2+dfsg-11+deb11u2 fixed
sid	1:9.1.1+ds-2 fixed
trixie	1:9.1.1+ds-2 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

qemu

precise	dne
trusty	Fixed 2.0.0+dfsg-2ubuntu1.30 released
xenial	Fixed 1:2.5+dfsg-5ubuntu10.6 released
yakkety	Fixed 1:2.6.1+dfsg-0ubuntu5.1 released

qemu-kvm

precise	not-affected
trusty	dne
xenial	dne
yakkety	dne

openSUSE / SLES Releases

openSUSE Product

Release

qemu

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

qemu-block-curl

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

qemu-block-rbd

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

qemu-guest-agent

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

qemu-ipxe

suse enterprise server 12	1.0.0-48.34.3 fixed
suse enterprise server 12 SP1	1.0.0-33.3.3 fixed

qemu-kvm

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

qemu-lang

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

qemu-ppc

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

qemu-s390

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

qemu-seabios

suse enterprise server 12	1.7.4-48.34.3 fixed
suse enterprise server 12 SP1	1.8.1-33.3.3 fixed

qemu-sgabios-8

suse enterprise server 12	48.34.3 fixed
suse enterprise server 12 SP1	33.3.3 fixed

qemu-tools

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

qemu-vgabios

suse enterprise server 12	1.7.4-48.34.3 fixed
suse enterprise server 12 SP1	1.8.1-33.3.3 fixed

qemu-x86

suse enterprise server 12	2.0.2-48.34.3 fixed
suse enterprise server 12 SP1	2.3.1-33.3.3 fixed

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05

http://www.openwall.com/lists/oss-security/2016/08/11/8

http://www.openwall.com/lists/oss-security/2016/08/18/7

http://www.securityfocus.com/bid/92446

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html

https://security.gentoo.org/glsa/201609-01

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05

http://www.openwall.com/lists/oss-security/2016/08/11/8

http://www.openwall.com/lists/oss-security/2016/08/18/7

http://www.securityfocus.com/bid/92446

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html

https://security.gentoo.org/glsa/201609-01