7.5
CVE-2017-7539
- EPSS 5.53%
- Veröffentlicht 26.07.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:07
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Virtualization Version4.0
Redhat ≫ Virtualization Version3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.53% | 0.918 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| secalert@redhat.com | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
https://access.redhat.com/errata/RHSA-2017:3466
https://access.redhat.com/errata/RHSA-2017:3470
https://access.redhat.com/errata/RHSA-2017:3471
https://access.redhat.com/errata/RHSA-2017:3472
https://access.redhat.com/errata/RHSA-2017:3473
https://access.redhat.com/errata/RHSA-2017:3474
http://www.openwall.com/lists/oss-security/2017/07/21/4
http://www.securityfocus.com/bid/99944
https://access.redhat.com/errata/RHSA-2017:2628
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19