CVE - CVE-2014-0143

CVE-ID
CVE-2014-0143	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:DSA-3044 URL:http://www.debian.org/security/2014/dsa-3044 MISC:RHSA-2014:0420 URL:http://rhn.redhat.com/errata/RHSA-2014-0420.html MISC:RHSA-2014:0421 URL:http://rhn.redhat.com/errata/RHSA-2014-0421.html MISC:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=509a41bab5306181044b5fff02eadf96d9c8676a URL:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=509a41bab5306181044b5fff02eadf96d9c8676a MISC:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f URL:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f MISC:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b URL:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b MISC:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=afbcc40bee4ef51731102d7d4b499ee12fc182e1 URL:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=afbcc40bee4ef51731102d7d4b499ee12fc182e1 MISC:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cab60de930684c33f67d4e32c7509b567f8c445b URL:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cab60de930684c33f67d4e32c7509b567f8c445b MISC:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=db8a31d11d6a60f48d6817530640d75aa72a9a2f URL:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=db8a31d11d6a60f48d6817530640d75aa72a9a2f MISC:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e3737b820b45e54b059656dc3f914f895ac7a88b URL:http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e3737b820b45e54b059656dc3f914f895ac7a88b MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1079140 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1079140
Assigning CNA
Red Hat, Inc.
Date Record Created
20131203	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.