Description
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
References (9)
Core 9
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3045
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1144818
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0624.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0349.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3044
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2409-1
Scores
EPSS
0.0006
EPSS Percentile
18.4%
Details
CWE
CWE-476
Status
published
Products (13)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
debian/debian_linux
7.0
qemu/qemu
2.0.0 (5 CPE variants)
qemu/qemu
2.0.2
qemu/qemu
2.1.0 (6 CPE variants)
qemu/qemu
2.1.1
redhat/enterprise_linux_desktop
7.0
... and 3 more
Published
Nov 07, 2014
Tracked Since
Feb 18, 2026