8.6
CVE-2017-15119
- EPSS 3.33%
- Veröffentlicht 27.07.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:06
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Virtualization Version4.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version17.10
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.33% | 0.87 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| secalert@redhat.com | 5.8 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://usn.ubuntu.com/3575-1/
https://access.redhat.com/errata/RHSA-2018:1104
https://access.redhat.com/errata/RHSA-2018:1113
https://www.debian.org/security/2018/dsa-4213
http://www.openwall.com/lists/oss-security/2017/11/28/9
http://www.securityfocus.com/bid/102011
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html