Vulnerability-Lookup

CVE-2014-3461 (GCVE-0-2014-3461)

Vulnerability from cvelistv5 – Published: 2014-11-04 21:00 – Updated: 2024-08-06 10:43

Summary

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

GHSA-9MPF-QR4J-4FP9

Vulnerability from github – Published: 2022-05-17 04:29 – Updated: 2022-05-17 04:29

Details

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-11-04T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to \"USB post load checks.\"",
  "id": "GHSA-9mpf-qr4j-4fp9",
  "modified": "2022-05-17T04:29:54Z",
  "published": "2022-05-17T04:29:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3461"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0674"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0743"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0744"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0888"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0927"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:1268"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2014-3461"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096821"
    },
    {
      "type": "WEB",
      "url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2014-AVI-452

Vulnerability from certfr_avis - Published: 2014-10-29 - Updated: 2014-10-29

De multiples vulnérabilités ont été corrigées dans Qemu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Qemu-kvm

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat du 28 octobre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Qemu-kvm",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-4536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4536"
    },
    {
      "name": "CVE-2013-4535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4535"
    },
    {
      "name": "CVE-2014-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0142"
    },
    {
      "name": "CVE-2013-6399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6399"
    },
    {
      "name": "CVE-2014-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0145"
    },
    {
      "name": "CVE-2013-4537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4537"
    },
    {
      "name": "CVE-2014-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0148"
    },
    {
      "name": "CVE-2014-3615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3615"
    },
    {
      "name": "CVE-2013-4541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4541"
    },
    {
      "name": "CVE-2013-4529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4529"
    },
    {
      "name": "CVE-2014-0223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0223"
    },
    {
      "name": "CVE-2013-4542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4542"
    },
    {
      "name": "CVE-2013-4539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4539"
    },
    {
      "name": "CVE-2014-0182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0182"
    },
    {
      "name": "CVE-2014-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0144"
    },
    {
      "name": "CVE-2013-4151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4151"
    },
    {
      "name": "CVE-2013-4150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4150"
    },
    {
      "name": "CVE-2014-0143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0143"
    },
    {
      "name": "CVE-2013-4538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4538"
    },
    {
      "name": "CVE-2014-3461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3461"
    },
    {
      "name": "CVE-2013-4148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4148"
    },
    {
      "name": "CVE-2013-4531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4531"
    },
    {
      "name": "CVE-2013-4534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4534"
    },
    {
      "name": "CVE-2013-4526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4526"
    },
    {
      "name": "CVE-2013-4149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4149"
    },
    {
      "name": "CVE-2014-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0147"
    },
    {
      "name": "CVE-2014-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3640"
    },
    {
      "name": "CVE-2013-4527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4527"
    },
    {
      "name": "CVE-2013-4533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4533"
    },
    {
      "name": "CVE-2014-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0146"
    },
    {
      "name": "CVE-2014-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0150"
    },
    {
      "name": "CVE-2013-4540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4540"
    },
    {
      "name": "CVE-2014-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0222"
    },
    {
      "name": "CVE-2013-4530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4530"
    }
  ],
  "initial_release_date": "2014-10-29T00:00:00",
  "last_revision_date": "2014-10-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-452",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eQemu\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Qemu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat du 28 octobre 2014",
      "url": "https://rhn.redhat.com/errata/RHSA-2014-0743.html"
    }
  ]
}

FKIE_CVE-2014-3461

Vulnerability from fkie_nvd - Published: 2014-11-04 21:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."

References

	URL	Tags
	secalert@redhat.com	http://article.gmane.org/gmane.comp.emulators.qemu/272092
	secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-0743.html
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-0744.html
	af854a3a-2127-422b-91ae-364da2661108	http://article.gmane.org/gmane.comp.emulators.qemu/272092
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0743.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0744.html

Impacted products

	Vendor	Product	Version
	qemu	qemu	1.6.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to \"USB post load checks.\""
    },
    {
      "lang": "es",
      "value": "hw/usb/bus.c en QEMU 1.6.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos savevm manipulados, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica, relacionado con \u0027comprobaciones de cargas de correo de USB.\u0027"
    }
  ],
  "id": "CVE-2014-3461",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-04T21:55:25.737",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-3461

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."

Aliases

CVE-2014-3461

Aliases

CVE-2014-3461

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3461",
    "description": "hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to \"USB post load checks.\"",
    "id": "GSD-2014-3461",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-3461.html",
      "https://access.redhat.com/errata/RHSA-2014:1268",
      "https://access.redhat.com/errata/RHSA-2014:0927",
      "https://access.redhat.com/errata/RHSA-2014:0888",
      "https://access.redhat.com/errata/RHSA-2014:0744",
      "https://access.redhat.com/errata/RHSA-2014:0743",
      "https://access.redhat.com/errata/RHSA-2014:0674",
      "https://ubuntu.com/security/CVE-2014-3461",
      "https://advisories.mageia.org/CVE-2014-3461.html",
      "https://linux.oracle.com/cve/CVE-2014-3461.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3461"
      ],
      "details": "hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to \"USB post load checks.\"",
      "id": "GSD-2014-3461",
      "modified": "2023-12-13T01:22:53.927153Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-3461",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to \"USB post load checks.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
          },
          {
            "name": "http://article.gmane.org/gmane.comp.emulators.qemu/272092",
            "refsource": "MISC",
            "url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3461"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to \"USB post load checks.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2014-6970",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
            },
            {
              "name": "[qemu-devel] 20140512 [PATCH] usb: fix up post load checks",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092"
            },
            {
              "name": "RHSA-2014:0743",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
            },
            {
              "name": "RHSA-2014:0744",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T00:39Z",
      "publishedDate": "2014-11-04T21:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3461 (GCVE-0-2014-3461)

GHSA-9MPF-QR4J-4FP9

CERTFR-2014-AVI-452

Contournement provisoire

FKIE_CVE-2014-3461

GSD-2014-3461

Tags

Sightings

Nomenclature