Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-2630

Опубликовано: 03 фев. 2017
Источник: redhat
CVSS3: 5.5
CVSS2: 4.6
EPSS Низкий

Описание

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 8 (Liberty)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 9 (Mitaka)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1422415Qemu: nbd: oob stack write in client routine drop_sync

EPSS

Процентиль: 82%
0.01712
Низкий

5.5 Medium

CVSS3

4.6 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-2630

CVSS3: 5.5
ubuntu
почти 7 лет назад

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

nvd логотип

CVE-2017-2630

CVSS3: 5.5
nvd
почти 7 лет назад

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

debian логотип

CVE-2017-2630

CVSS3: 5.5
debian
почти 7 лет назад

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) be ...

github логотип

GHSA-2rf9-cmpf-qww5

CVSS3: 8.8
github
около 3 лет назад

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

oracle-oval логотип

ELSA-2018-4262

oracle-oval
больше 6 лет назад

ELSA-2018-4262: qemu security update (IMPORTANT)

EPSS

Процентиль: 82%
0.01712
Низкий

5.5 Medium

CVSS3

4.6 Medium

CVSS2