製品・ソフトウェアに関する情報

Vulnerability Search

ベンダー検索

Product/Service Search

JVN Vulnerability Search Top

->

JVN脆弱性詳細

QEMU における境界外読み取りに関する脆弱性

Title	QEMU における境界外読み取りに関する脆弱性
Summary	QEMU には、境界外読み取りに関する脆弱性が存在します。
Possible impacts	情報を取得される、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 18, 2020, midnight
Registration Date	Oct. 11, 2021, 5:58 p.m.
Last Update	Oct. 11, 2021, 5:58 p.m.

CVSS3.0 : 低
Score	3.9
Vector	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

CVSS2.0 : 注意
Score	3.3
Vector	AV:L/AC:M/Au:N/C:P/I:N/A:P

Affected System

Debian

Debian GNU/Linux

Fabrice Bellard

QEMU 5.1.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-29443	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29443
National Vulnerability Database (NVD)
2	CVE-2020-29443	https://nvd.nist.gov/vuln/detail/CVE-2020-29443
Openwall
3	CVE-2020-29443 QEMU: ide: atapi: OOB access while processing read commands	https://www.openwall.com/lists/oss-security/2021/01/18/2

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 2560-1] qemu security update	https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
Qemu-devel
2	[PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end	https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg04685.html

Change Log

No	Changed Details	Date of change
1	[2021年10月11日] 掲載	Oct. 11, 2021, 5:58 p.m.

NVD Vulnerability Information

CVE-2020-29443

Summary	ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
Publication Date	Jan. 27, 2021, 3:15 a.m.
Registration Date	Jan. 27, 2021, 12:09 p.m.
Last Update	Nov. 21, 2024, 2:24 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:qemu:qemu:5.1.0:-::::::

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.openwall.com/lists/oss-security/2021/01/18/2		Mailing List Patch Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2021/01/18/2		Mailing List Patch Third Party Advisory
3	https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html		Mailing List Third Party Advisory
4	https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html		Mailing List Third Party Advisory
5	https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html		Mailing List Third Party Advisory
6	https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html		Mailing List Third Party Advisory
7	https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg04685.html		Mailing List Patch Third Party Advisory
8	https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg04685.html		Mailing List Patch Third Party Advisory
9	https://security.netapp.com/advisory/ntap-20210304-0003/		Third Party Advisory
10	https://security.netapp.com/advisory/ntap-20210304-0003/		Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html