CVE-2015-5278

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.33 % (71^th)

Affected Products 4

Advisories 19

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Weaknesses

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2020-01-23 20:15:11
(4 years ago)
Updated Date: 2021-11-30 19:46:40
(2 years ago)

Affected Products

Arista

Configuration #1

		CPE23	From	Up To
	Qemu prior 2.4.0.1 version	cpe:2.3:a:qemu:qemu		< 2.4.0.1

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 21	cpe:2.3:o:fedoraproject:fedora:21
	Fedoraproject Fedora 22	cpe:2.3:o:fedoraproject:fedora:22
	Fedoraproject Fedora 23	cpe:2.3:o:fedoraproject:fedora:23

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 15.04	cpe:2.3:o:canonical:ubuntu_linux:15.04

Configuration #4

		CPE23	From	Up To
	Arista Eos 4.12	cpe:2.3:o:arista:eos:4.12
	Arista Eos 4.13	cpe:2.3:o:arista:eos:4.13
	Arista Eos 4.14	cpe:2.3:o:arista:eos:4.14
	Arista Eos 4.15	cpe:2.3:o:arista:eos:4.15

Weaknesses

Affected Products

Arista

Canonical

Fedoraproject

Qemu

Configuration #1

Configuration #2

Configuration #3

Configuration #4