How severe is CVE-2020-14364?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2020-14364?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2020-14364 - MEDIUM Severity | CVSS 5

Vulnerability Description

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

Related Vulnerabilities

CVE-2016-7917

MEDIUM

CVSS:5.0(Medium)

The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain s...

CWE-1252016

CVE-2017-6437

MEDIUM

CVSS:5.0(Medium)

The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file.

CWE-1252017

CVE-2018-19020

MEDIUM

CVSS:5.0(Medium)

When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array.

CWE-1252018

CVE-2019-2039

MEDIUM

CVSS:5.0(Medium)

In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges need...

CWE-1252019

CVE-2019-2040

MEDIUM

CVSS:5.0(Medium)

In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privilege...

CWE-1252019

CVE-2019-9235

MEDIUM

CVSS:5.0(Medium)

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed...

CWE-1252019