Invalid Memory Copy Vulnerability in QEMU 4.0 and 4.1.0

Invalid Memory Copy Vulnerability in QEMU 4.0 and 4.1.0

CVE-2020-13765 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

Learn more about our Web Application Penetration Testing UK.