Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-13711

Опубликовано: 03 авг. 2017
Источник: redhat
CVSS3: 3.4
CVSS2: 2.9
EPSS Низкий

Описание

Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.

A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmWill not fix
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmAffected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux 7qemu-kvmFixedRHSA-2018:081610.04.2018
Red Hat OpenStack Platform 10.0 (Newton)qemu-kvm-rhevFixedRHSA-2018:111311.04.2018
Red Hat OpenStack Platform 11.0 (Ocata)qemu-kvm-rhevFixedRHSA-2018:111311.04.2018
Red Hat OpenStack Platform 12.0 (Pike)qemu-kvm-rhevFixedRHSA-2018:111311.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1486400QEMU: Slirp: use-after-free when sending response

EPSS

Процентиль: 76%
0.01042
Низкий

3.4 Low

CVSS3

2.9 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-13711

CVSS3: 7.5
ubuntu
почти 8 лет назад

Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.

nvd логотип

CVE-2017-13711

CVSS3: 7.5
nvd
почти 8 лет назад

Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.

debian логотип

CVE-2017-13711

CVSS3: 7.5
debian
почти 8 лет назад

Use-after-free vulnerability in the sofree function in slirp/socket.c ...

github логотип

GHSA-x5xc-9jvw-6v9f

CVSS3: 7.5
github
около 3 лет назад

Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.

oracle-oval логотип

ELSA-2018-0816

oracle-oval
около 7 лет назад

ELSA-2018-0816: qemu-kvm security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 76%
0.01042
Низкий

3.4 Low

CVSS3

2.9 Low

CVSS2