CVE-2009-3616 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3616 Interim 1 13 2024-02-18T02:03:12Z current 2021-05-30T12:48:46Z 2024-02-18T02:03:12Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3616 Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VPDFKPL5XDSTKQPTEWYT3B75HSEKINME/#VPDFKPL5XDSTKQPTEWYT3B75HSEKINME E-Mail link for SUSE-SR:2009:019 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SUSE Linux Enterprise Software Development Kit 11 SP4 kvm-78.0.10.6-0.3.1 kvm-kmp-default-78.2.6.30.1_2.6.27.37_0.1-0.7.1 kvm-kmp-pae-78.2.6.30.1_2.6.27.37_0.1-0.7.1 qemu-0.10.1-0.5.7.1 kvm-78.0.10.6-0.3.1 as a component of SUSE Linux Enterprise Server 11 kvm-kmp-default-78.2.6.30.1_2.6.27.37_0.1-0.7.1 as a component of SUSE Linux Enterprise Server 11 kvm-kmp-pae-78.2.6.30.1_2.6.27.37_0.1-0.7.1 as a component of SUSE Linux Enterprise Server 11 kvm-78.0.10.6-0.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 kvm-kmp-default-78.2.6.30.1_2.6.27.37_0.1-0.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 kvm-kmp-pae-78.2.6.30.1_2.6.27.37_0.1-0.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 qemu-0.10.1-0.5.7.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. CVE-2009-3616 SUSE Linux Enterprise Server 11:kvm-78.0.10.6-0.3.1 SUSE Linux Enterprise Server 11:kvm-kmp-default-78.2.6.30.1_2.6.27.37_0.1-0.7.1 SUSE Linux Enterprise Server 11:kvm-kmp-pae-78.2.6.30.1_2.6.27.37_0.1-0.7.1 SUSE Linux Enterprise Server for SAP Applications 11:kvm-78.0.10.6-0.3.1 SUSE Linux Enterprise Server for SAP Applications 11:kvm-kmp-default-78.2.6.30.1_2.6.27.37_0.1-0.7.1 SUSE Linux Enterprise Server for SAP Applications 11:kvm-kmp-pae-78.2.6.30.1_2.6.27.37_0.1-0.7.1 SUSE Linux Enterprise Software Development Kit 11 SP4:qemu-0.10.1-0.5.7.1 critical 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H