CVE-2017-10664

Опубликовано: 11 июн. 2017

Источник: redhat

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS).

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kvm	Not affected
Red Hat Enterprise Linux 5	xen	Not affected
Red Hat Enterprise Linux 6	qemu-kvm	Not affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	qemu-kvm-rhev	Will not fix
Red Hat OpenStack Platform 12 (Pike)	qemu-kvm-rhev	Not affected
Red Hat Enterprise Linux 7	qemu-kvm	Fixed	RHSA-2017:2445	08.08.2017
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	qemu-kvm-rhev	Fixed	RHSA-2017:3473	14.12.2017
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	qemu-kvm-rhev	Fixed	RHSA-2017:3472	14.12.2017
Red Hat OpenStack Platform 10.0 (Newton)	qemu-kvm-rhev	Fixed	RHSA-2017:3474	14.12.2017
Red Hat OpenStack Platform 11.0 (Ocata)	qemu-kvm-rhev	Fixed	RHSA-2017:3466	14.12.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-248

https://bugzilla.redhat.com/show_bug.cgi?id=1466190Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort

EPSS

Процентиль: 89%

0.05034

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

CVE-2017-10664

CVSS3: 7.5

ubuntu

больше 8 лет назад

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

CVE-2017-10664

CVSS3: 7.5

nvd

больше 8 лет назад

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

CVE-2017-10664

CVSS3: 7.5

debian

больше 8 лет назад

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which a ...

GHSA-79rh-2xp8-h9rm

CVSS3: 7.5

github

больше 3 лет назад

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

ELSA-2017-2445

oracle-oval

больше 8 лет назад

ELSA-2017-2445: qemu-kvm security update (MODERATE)

EPSS

Процентиль: 89%

0.05034

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2