CVE-2011-4111

Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.

Published: Feb 26, 2014
Updated: Apr 13, 2023
CVE: CVE-2011-4111
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:A/AC:H/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux_server_supplementary	6.1.z	6.1.z.x
redhat / enterprise_linux	6.0	6.0.x
qemu / qemu	1.0-rc1	1.0-rc1.x
qemu / qemu	1.0-rc2	1.0-rc2.x
qemu / qemu	1.0	1.0.x
qemu / qemu	0.15.0	0.15.0.x
qemu / qemu	1.0-rc3	1.0-rc3.x
qemu / qemu	0.15.0-rc1	0.15.0-rc1.x
qemu / qemu	-	0.15.1.x
qemu / qemu	0.15.0-rc2	0.15.0-rc2.x

http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0
http://rhn.redhat.com/errata/RHSA-2011-1777.html
http://rhn.redhat.com/errata/RHSA-2011-1801.html
https://bugzilla.redhat.com/show_bug.cgi?id=751310

Vulnerability Database

289,697

CVE-2011-4111