Back to search
CVE-2009-3616
Published: Oct 23, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=501131
x_refsource_CONFIRM
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331
x_refsource_CONFIRM
[oss-security] 20091016 Re: QEMU VNC use-after-free
mailing-list
x_refsource_MLIST
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5
x_refsource_CONFIRM
[qemu-devel] 20090525 Re: [STABLE] [BUG] VNC mode can crash QEMU
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=508567
x_refsource_CONFIRM
36716
vdb-entry
x_refsource_BID
http://rhn.redhat.com/errata/RHEA-2009-1272.html
x_refsource_CONFIRM
[oss-security] 20091016 QEMU VNC use-after-free
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=505641
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now