Home

CVE-2016-9603

Description

A heap buffer overflow flaw was found in QEMUs Cirrus CLGD 54xx VGA emulators VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Risk Information

Base Score
9.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.587

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Citrix XenCenter 6.0.2Windows
Multiple Vulnerabilities are affected in Citrix XenCenter 6.2.0Windows
Multiple Vulnerabilities are affected in Citrix XenCenter 6.5Windows
Multiple Vulnerabilities are affected in Citrix XenCenter 7.0Windows
Multiple Vulnerabilities are affected in Citrix XenCenter 7.1Windows
Machine emulator and virtualizer (USN-3268-1) qemu_2.8+dfsg-3ubuntu2.1_i386.debLinux
Machine emulator and virtualizer (USN-3268-1) qemu_2.8+dfsg-3ubuntu2.1_amd64.debLinux
Machine emulator and virtualizer (USN-3268-1) qemu-system_2.8+dfsg-3ubuntu2.1_i386.debLinux
Machine emulator and virtualizer (USN-3268-1) qemu-system_2.8+dfsg-3ubuntu2.1_amd64.debLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Desktop 12-SP1 ) xen-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Desktop 12-SP1 ) xen-debugsource-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Server 12-SP1 ) xen-doc-html-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Desktop 12-SP1 ) xen-kmp-default-4.5.5_10_k3.12.69_60.64.35-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Desktop 12-SP1 ) xen-kmp-default-debuginfo-4.5.5_10_k3.12.69_60.64.35-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Desktop 12-SP1 ) xen-libs-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Desktop 12-SP1 ) xen-libs-32bit-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Desktop 12-SP1 ) xen-libs-debuginfo-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Desktop 12-SP1 ) xen-libs-debuginfo-32bit-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Server 12-SP1 ) xen-tools-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Server 12-SP1 ) xen-tools-debuginfo-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Server 12-SP1 ) xen-tools-domU-4.5.5_10-22.14.1.x86_64.rpmLinux
SUSE-SU-2017:1147-1(SUSE Linux Enterprise Server 12-SP1 ) xen-tools-domU-debuginfo-4.5.5_10-22.14.1.x86_64.rpmLinux
Heap-based Buffer Overflow Vulnerability (CVE-2016-9603)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234