CVE-2021-3507: Buffer Overflow
First published: Mon Apr 19 2021(Updated: )
A heap buffer overflow was found in the floppy disk emulator of QEMU u ...
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU | <=6.0.0 | |
| Debian | =10.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| debian/qemu | <=1:5.2+dfsg-11+deb11u2 | 1:5.2+dfsg-11+deb11u3 1:7.2+dfsg-7+deb12u12 1:9.2.1+ds-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1951118
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://security.netapp.com/advisory/ntap-20210528-0005/
- https://launchpad.net/bugs/cve/CVE-2021-3507
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1951175
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1960575
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1951118#c10
- https://gitlab.com/qemu-project/qemu/-/issues/338
- https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
- https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1951118#c11
- https://gitlab.com/qemu-project/qemu/-/commit/defac5e2fbddf8423a354ff0454283a2115e1367
- https://gitlab.com/qemu-project/qemu/-/commit/46609b90d9e3a6304def11038a76b58ff43f77bc
- https://access.redhat.com/errata/RHSA-2022:7472
- https://access.redhat.com/errata/RHSA-2022:7967
- https://access.redhat.com/security/cve/cve-2021-3507
- https://security-tracker.debian.org/tracker/CVE-2021-3507
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3507
- https://nvd.nist.gov/vuln/detail/CVE-2021-3507
- https://ubuntu.com/security/CVE-2021-3507
Frequently Asked Questions
What is the vulnerability ID for this heap buffer overflow in QEMU?
The vulnerability ID is CVE-2021-3507.
In which version of QEMU does this heap buffer overflow vulnerability exist?
This heap buffer overflow vulnerability exists in QEMU up to version 6.0.0 (including).
What is the severity rating of CVE-2021-3507?
CVE-2021-3507 has a severity rating of 6.1 (Medium).
How does this heap buffer overflow vulnerability in QEMU impact the system?
This heap buffer overflow vulnerability in QEMU could allow a privileged guest user to crash the QEMU process.
Are there any known solutions or fixes for CVE-2021-3507?
Yes, you can find more information about available remedies or fixes for CVE-2021-3507 in the provided references.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3507
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/qemu
- canonical/qemu
- version/qemu/6.0.0
- vendor/debian
- canonical/debian
- version/debian/10.0
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- package-manager/debian