Buffer Overflow Vulnerability in QEMU's esp_reg_read and esp_reg_write Functions

Buffer Overflow Vulnerability in QEMU's esp_reg_read and esp_reg_write Functions

CVE-2016-5338 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.

Learn more about our Web Application Penetration Testing UK.