Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-1711

Опубликовано: 11 фев. 2020
Источник: nvd
CVSS3: 7.7
CVSS3: 6
CVSS2: 6
EPSS Низкий

Описание

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия от 2.12.0 (включая) до 4.2.1 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 70%
0.00669
Низкий

7.7 High

CVSS3

6 Medium

CVSS3

6 Medium

CVSS2

Дефекты

CWE-122
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2020-1711

CVSS3: 7.7
ubuntu
больше 5 лет назад

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.

redhat логотип

CVE-2020-1711

CVSS3: 6
redhat
больше 5 лет назад

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.

msrc логотип

CVE-2020-1711

CVSS3: 6
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2020-1711

CVSS3: 7.7
debian
больше 5 лет назад

An out-of-bounds heap buffer access flaw was found in the way the iSCS ...

github логотип

GHSA-8gvc-95pj-x5r8

CVSS3: 6
github
около 3 лет назад

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.x.x up to and including 2.12.0 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.

EPSS

Процентиль: 70%
0.00669
Низкий

7.7 High

CVSS3

6 Medium

CVSS3

6 Medium

CVSS2

Дефекты

CWE-122
CWE-787