NVD Vulnerability Detail

CVE-2014-0144

Summary	QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
Publication Date	Sept. 29, 2022, 12:15 p.m.
Registration Date	Sept. 29, 2022, 4:01 p.m.
Last Update	Nov. 21, 2024, 11:01 a.m.

CVSS3.1 : HIGH
スコア	8.6
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	要
影響の想定範囲(S)	変更あり
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:qemu:qemu::::::::					2.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:a:redhat:virtualization:3.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:::::::*

Related information, measures and tools

No	URL	タグ
1	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0
2	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0
3	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85
4	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85
5	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21
6	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21
7	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41
8	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41
9	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc
10	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc
11	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6
12	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6
13	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a
14	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a
15	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b
16	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b
17	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646
18	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646
19	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97
20	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97
21	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce
22	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce
23	http://rhn.redhat.com/errata/RHSA-2014-0420.html	Third Party Advisory
24	http://rhn.redhat.com/errata/RHSA-2014-0420.html	Third Party Advisory
25	http://rhn.redhat.com/errata/RHSA-2014-0421.html	Third Party Advisory
26	http://rhn.redhat.com/errata/RHSA-2014-0421.html	Third Party Advisory
27	https://bugzilla.redhat.com/show_bug.cgi?id=1079240	Issue Tracking Patch Third Party Advisory
28	https://bugzilla.redhat.com/show_bug.cgi?id=1079240	Issue Tracking Patch Third Party Advisory
29	https://www.vulnerabilitycenter.com/#%21vul=44767
30	https://www.vulnerabilitycenter.com/#%21vul=44767

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

Fabrice Bellard の QEMU 他複数ベンダの製品における入力確認に関する脆弱性

Title	Fabrice Bellard の QEMU 他複数ベンダの製品における入力確認に関する脆弱性
Summary	Fabrice Bellard の QEMU 他複数ベンダの製品には、入力確認に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 29, 2022, midnight
Registration Date	Oct. 18, 2023, 5:14 p.m.
Last Update	Oct. 18, 2023, 5:14 p.m.

Affected System

レッドハット

enterprise linux openstack platform 5

Red Hat Enterprise Linux Desktop 6.0

Red Hat Enterprise Linux EUS 6.5

Red Hat Enterprise Linux Server 6.0

Red Hat Enterprise Linux Server AUS 6.5

Red Hat Enterprise Linux Server TUS 6.5

Red Hat Enterprise Linux Workstation 6.0

Red Hat Virtualization 3.0

Fabrice Bellard

QEMU 2.0.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0144	https://www.cve.org/CVERecord?id=CVE-2014-0144
National Vulnerability Database (NVD)
2	CVE-2014-0144	https://nvd.nist.gov/vuln/detail/CVE-2014-0144

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

その他

No	Name	URL
関連文書
1	bugzilla.redhat.com (1079240)	https://bugzilla.redhat.com/show_bug.cgi?id=1079240
2	git.qemu.org (p=qemu.git;a=commit;h=24342f2cae47d03911e346fe1e520b00dc2818e0)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0
3	git.qemu.org (p=qemu.git;a=commit;h=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85
4	git.qemu.org (p=qemu.git;a=commit;h=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21
5	git.qemu.org (p=qemu.git;a=commit;h=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41
6	git.qemu.org (p=qemu.git;a=commit;h=6d4b9e55fc625514a38d27cff4b9933f617fa7dc)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc
7	git.qemu.org (p=qemu.git;a=commit;h=7b103b36d6ef3b11827c203d3a793bf7da50ecd6)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6
8	git.qemu.org (p=qemu.git;a=commit;h=97f1c45c6f456572e5b504b8614e4a69e23b8e3a)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a
9	git.qemu.org (p=qemu.git;a=commit;h=a1b3955c9415b1e767c130a2f59fee6aa28e575b)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b
10	git.qemu.org (p=qemu.git;a=commit;h=ce48f2f441ca98885267af6fd636a7cb804ee646)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646
11	git.qemu.org (p=qemu.git;a=commit;h=d65f97a82c4ed48374a764c769d4ba1ea9724e97)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97
12	git.qemu.org (p=qemu.git;a=commit;h=f56b9bc3ae20fc93815b34aa022be919941406ce)	http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce
13	rhn.redhat.com (RHSA-2014-0420)	http://rhn.redhat.com/errata/RHSA-2014-0420.html
14	rhn.redhat.com (RHSA-2014-0421)	http://rhn.redhat.com/errata/RHSA-2014-0421.html
15	www.vulnerabilitycenter.com (#!vul=44767)	https://www.vulnerabilitycenter.com/#%21vul=44767

Change Log

No	Changed Details	Date of change
1	[2023年10月18日] 掲載	Oct. 18, 2023, 5:14 p.m.

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:a:redhat:virtualization:3.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:::::::*