CVE-2017-15268

Опубликовано: 12 окт. 2017

Источник: debian

EPSS Низкий

Описание

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

Пакет	Статус	Версия исправления	Релиз	Тип
qemu	fixed	1:2.11+dfsg-1		package
qemu	not-affected		jessie	package
qemu	not-affected		wheezy	package
qemu-kvm	not-affected			package

https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html
https://bugzilla.redhat.com/show_bug.cgi?id=1496879
https://bugs.launchpad.net/bugs/1718964
Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493

EPSS

Процентиль: 73%

0.00781

Низкий

CVE-2017-15268

CVSS3: 7.5

ubuntu

больше 7 лет назад

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

CVE-2017-15268

CVSS3: 3

redhat

больше 7 лет назад

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

CVE-2017-15268

CVSS3: 7.5

nvd

больше 7 лет назад

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

GHSA-qjr3-vg76-3637

CVSS3: 7.5

github

около 3 лет назад

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

BDU:2019-04102

CVSS3: 7.5

fstec

больше 7 лет назад

Уязвимость компонента io/channel-websock.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 73%

0.00781

Низкий