7.8

CVE-2017-8309

Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.9.1
DebianDebian Linux Version8.0
RedhatOpenstack Version6.0
RedhatOpenstack Version7.0
RedhatOpenstack Version8
RedhatOpenstack Version9
RedhatOpenstack Version10
RedhatOpenstack Version11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.54% 0.903
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://access.redhat.com/errata/RHSA-2017:2408
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201706-03
Third Party Advisory
http://www.securityfocus.com/bid/98302
Third Party Advisory
VDB Entry
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
Patch
Third Party Advisory
Mailing List