PT-2021-7914 · Oracle+2 · Virtualbox+2

Yi Ren · Published 2021-10-19 · Updated 2023-08-07 · CVE-2021-35542

CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Oracle VM VirtualBox versions prior to 6.1.28

Description

The issue is related to a buffer overflow in the Core component of Oracle VM VirtualBox, which can be exploited to cause a denial of service. A high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes can compromise Oracle VM VirtualBox, resulting in the ability to cause a hang or frequently repeatable crash.

Recommendations

For versions prior to 6.1.28, update to version 6.1.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3169
ALT-PU-2021-3170
ALT-PU-2021-3171
ALT-PU-2021-3172
ALT-PU-2021-3173
ALT-PU-2021-3661
ALT-PU-2021-3662
ALT-PU-2021-3663
ALT-PU-2021-3664
ALT-PU-2021-3665
ALT-PU-2023-4088
ALT-PU-2023-4089
ALT-PU-2023-4090
ALT-PU-2023-4664
ALT-PU-2023-4665
ALT-PU-2023-4729
ALT-PU-2023-4730
BDU:2023-05307
CVE-2021-35542
MGASA-2021-0488
OPENSUSE-SU-2021:1393-1
OPENSUSE-SU-2021:1403-1
OPENSUSE-SU-2021_1393-1
OPENSUSE-SU-2021_1403-1

Affected Products

Alt Linux
Virtualbox
Suse