<p>Upgrade <code>Debian:unstable</code> <code>qemu</code> to version 0.9.0-2 or higher.</p>

Out-of-bounds Write Affecting qemu package, versions <0.9.0-2

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.04% (10^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIANUNSTABLE-QEMU-428308
published 30 Oct 2007
disclosed 30 Oct 2007

Report a new vulnerability Found a mistake?

Introduced: 30 Oct 2007

CVE-2007-5730 Open this link in a new tab CWE-787 Open this link in a new tab

How to fix?

Upgrade Debian:unstable qemu to version 0.9.0-2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream qemu package and not the qemu package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.