CVE-2015-5279
EPSS 10.2%
Description
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
How to fix CVE-2015-5279
To remediate CVE-2015-5279, upgrade the affected package to a fixed version listed below.
- Debian/qemu: upgrade to 1:2.4+dfsg-3 or later
Is CVE-2015-5279 being exploited?
Moderate: EPSS is 10.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1:2.4+dfsg-3