QEMU mipsnet_receive Function Buffer Overflow Vulnerability (CVE-2016-4002)
QEMU mipsnet_receive Function Buffer Overflow Vulnerability (CVE-2016-4002)
Release date:
Updated on:
Affected Systems:
QEMU
Description:
CVE (CAN) ID: CVE-2016-4002
QEMU is an open source simulator software.
QEMU hw/net/mipsnet. in c, the mipsnet_receive function has a buffer overflow vulnerability. After the client NIC is configured to accept large data packets, remote attackers can use a data packet larger than 1514 bytes, resulting in DOS or arbitrary code execution.
<* Source: Prasad J Pandit
*>
Suggestion:
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
Http://fabrice.bellard.free.fr/qemu/
Use KVM + Qemu to build a virtual machine in Ubuntu
Linux getting started Tutorial: QEMU for Virtual Machine experience
Ubuntu 12.04 cannot find the Qemu command
Install QEMU + efi bios on Arch Linux
QEMU translation framework and debugging tools
QEMU code analysis: BIOS loading process
QEMU details: click here
QEMU: click here
This article permanently updates the link address: