7.5

CVE-2017-7539

An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version < 2.10.1
RedhatOpenstack Version6.0
RedhatOpenstack Version7.0
RedhatOpenstack Version8
RedhatOpenstack Version9
RedhatOpenstack Version10
RedhatOpenstack Version11
RedhatVirtualization Version4.0
RedhatVirtualization Version3.0
   RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.53% 0.918
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
secalert@redhat.com 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://access.redhat.com/errata/RHSA-2017:3466
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3470
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3471
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3472
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3473
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3474
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/07/21/4
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/99944
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2628
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539
Patch
Third Party Advisory
Issue Tracking
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19