QEMU mipsnet_receive Function Buffer Overflow Vulnerability (CVE-2016-4002)

QEMU mipsnet_receive Function Buffer Overflow Vulnerability (CVE-2016-4002)
QEMU mipsnet_receive Function Buffer Overflow Vulnerability (CVE-2016-4002)

Release date:
Updated on:

Affected Systems:

QEMU

Description:

CVE (CAN) ID: CVE-2016-4002

QEMU is an open source simulator software.

QEMU hw/net/mipsnet. in c, the mipsnet_receive function has a buffer overflow vulnerability. After the client NIC is configured to accept large data packets, remote attackers can use a data packet larger than 1514 bytes, resulting in DOS or arbitrary code execution.

<* Source: Prasad J Pandit
*>

Suggestion:

Vendor patch:

QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
Http://fabrice.bellard.free.fr/qemu/

Use KVM + Qemu to build a virtual machine in Ubuntu

Linux getting started Tutorial: QEMU for Virtual Machine experience

Ubuntu 12.04 cannot find the Qemu command

Install QEMU + efi bios on Arch Linux

QEMU translation framework and debugging tools

QEMU code analysis: BIOS loading process

QEMU details: click here
QEMU: click here

This article permanently updates the link address: