Home > Vulnerability Database > CVE-2021-20203

Mend.io Vulnerability Database

CVE-2021-20203

Date: February 25, 2021

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. After conducting further research, Mend has determined that all versions of masterlab up to version v2.1.7 are vulnerable to CVE-2020-23534.

Language: C

Severity Score

3.2

Related Resources (10)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20203

Url: https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html

Url: https://security.gentoo.org/glsa/202208-27

Url: https://bugs.launchpad.net/qemu/+bug/1913873

Url: https://security-tracker.debian.org/tracker/CVE-2021-20203

Url: https://security.alpinelinux.org/vuln/CVE-2021-20203

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20203

Url: https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1922441

Url: https://www.mend.io/vulnerability-database/CVE-2021-20203

Severity Score

3.2

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

CVSS v3.1

Base Score:	3.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20203

Date: February 25, 2021

Language: C

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?