CVE-2011-4111

Name: CVE-2011-4111
Creator: NVD / NIST
Published: 2014-02-26T15:55:08.297+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.26%

Last modified Jun 16, 2026

CVE-2011-4111 is a vulnerability of currently unknown severity. Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.. EPSS estimates a 2.26% chance of exploitation in the next 30 days.

Description

Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.

Metrics

EPSS Probability

2.26%

80.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Redhat	Enterprise Linux	6.0
Redhat	Enterprise Linux Server Supplementary	6.1.z
Qemu	Qemu	<= 0.15.1
Qemu	Qemu	0.15.0
Qemu	Qemu	1.0

References

Timeline

Published: Feb 26, 2014
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-4111?

How severe is CVE-2011-4111?

Severity scoring for CVE-2011-4111 is pending analysis. The EPSS model estimates a 2.26% probability of exploitation in the next 30 days.

How do I fix CVE-2011-4111?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-4111?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST