High severity8.8NVD Advisory· Published Oct 16, 2017· Updated May 13, 2026
CVE-2015-7504
CVE-2015-7504
Description
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- www.openwall.com/lists/oss-security/2015/11/30/2nvdMailing ListPatchThird Party Advisory
- xenbits.xen.org/xsa/advisory-162.htmlnvdMitigationPatchVendor Advisory
- lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.htmlnvdMailing ListPatchThird Party Advisory
- security.gentoo.org/glsa/201602-01nvdPatchThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201604-03nvdPatchThird Party AdvisoryVDB Entry
- rhn.redhat.com/errata/RHSA-2015-2694.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2015-2695.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2015-2696.htmlnvdThird Party Advisory
- www.debian.org/security/2016/dsa-3469nvdThird Party Advisory
- www.debian.org/security/2016/dsa-3470nvdThird Party Advisory
- www.debian.org/security/2016/dsa-3471nvdThird Party Advisory
- www.securityfocus.com/bid/78227nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034268nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.