CVE-2016-7161

CRITICALNVD 9.89.8—

9.8

Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.

CVSS v3: 9.8
EG Score: 9.8(medium)
EPSS: 95.0%
KEV: Not listed

Published

October 5, 2016

Last Modified

May 6, 2026

Advisory Details (8)

Auto-updated May 9, 2026

Patch available.

generic

QEMU · GitLab

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a0d1cbdacff5df4ded16b753b38fdd9da6092968

generic

QEMU: Multiple vulnerabilities (GLSA 201611-11) — Gentoo security

https://security.gentoo.org/glsa/201611-11

generic

Re: [Qemu-devel] [PULL 3/3] hw/net: Fix a heap overflow in xlnx.xps-ethe

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html

generic

Re: [Qemu-devel] [PATCH] hw/net: Fix a heap overflow in xlnx.xps-etherne

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html

generic Patch Available

[SECURITY] [DLA 1599-1] qemu security update

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

generic

http://www.securityfocus.com/bid/93141

generic

oss-security - Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite

http://www.openwall.com/lists/oss-security/2016/09/23/8

generic

oss-security - CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite

http://www.openwall.com/lists/oss-security/2016/09/23/6

Frequently asked(5)

What is CVE-2016-7161?

CVE-2016-7161 is a critical vulnerability published on October 5, 2016. Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.

When was CVE-2016-7161 disclosed?

CVE-2016-7161 was first published in the National Vulnerability Database on October 5, 2016, with the most recent update on May 6, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2016-7161 actively exploited?

CVE-2016-7161 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 95.0% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2016-7161?

CVE-2016-7161 has a CVSS v3 base score of 9.8 (NVD).

How do I remediate CVE-2016-7161?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2016-7161, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2016-7161

Explore →

Is Your Infrastructure Affected by CVE-2016-7161?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2016-7161

📅 Published

🔄 Last Modified

📋 Advisory Details (8)

QEMU · GitLab

QEMU: Multiple vulnerabilities (GLSA 201611-11) — Gentoo security

Re: [Qemu-devel] [PULL 3/3] hw/net: Fix a heap overflow in xlnx.xps-ethe

Re: [Qemu-devel] [PATCH] hw/net: Fix a heap overflow in xlnx.xps-etherne

[SECURITY] [DLA 1599-1] qemu security update

oss-security - Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite

oss-security - CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite

❓ Frequently asked(5)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2016-7161?

🔗 Related CVEs(same product + same vendor)

Same vendor

Published

Last Modified

Advisory Details (8)

Frequently asked(5)

Related CVEs(same product + same vendor)