CVE-2014-0148

Source
https://nvd.nist.gov/vuln/detail/CVE-2014-0148
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-0148.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2014-0148
Published
2022-09-29T03:15:11Z
Modified
2024-09-11T02:00:04Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

The QEMU block driver for Hyper-V VHDX images, in versions before 2.0, is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for the block_size and logical_sector_size variables. These are used to derive other fields such as 'sectors_per_block'. A user able to alter the QEMU disk image could use this flaw to crash the QEMU instance, resulting in DoS.

Affected packages

Debian:11 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / qemu

Package

Name
qemu
Purl
pkg:deb/debian/qemu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}