CVE-2017-7539
Qemu: qemu-nbd crashes due to undefined I/O coroutine
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
Se ha detectado un fallo de aserción en Qemu en versiones anteriores a la 2.10.1 en la negociación de conexión inicial de los servidores de NBD (Network Block Device) en el que la corrutina I/O no estaba definida. Esto podría provocar el cierre inesperado del servidor qemu-nbd si un cliente envía datos no esperados durante la negociación de la conexión. Un proceso o usuario remoto podría utilizar este fallo para provocar el cierre inesperado del servidor qemu-nbd, resultando en una denegación de servicio (DoS).
An assertion-failure flaw was found in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-09-05 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-617: Reachable Assertion
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/99944 | Third Party Advisory | |
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b | X_refsource_confirm | |
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2017/07/21/4 | 2023-02-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539 | 2023-02-12 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:2628 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2017:3466 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2017:3470 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2017:3471 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2017:3472 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2017:3473 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2017:3474 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2017-7539 | 2017-12-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1473622 | 2017-12-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Virtualization Search vendor "Redhat" for product "Virtualization" | 3.0 Search vendor "Redhat" for product "Virtualization" and version "3.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Safe
|
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | < 2.10.1 Search vendor "Qemu" for product "Qemu" and version " < 2.10.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 6.0 Search vendor "Redhat" for product "Openstack" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 7.0 Search vendor "Redhat" for product "Openstack" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 8 Search vendor "Redhat" for product "Openstack" and version "8" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 9 Search vendor "Redhat" for product "Openstack" and version "9" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 10 Search vendor "Redhat" for product "Openstack" and version "10" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 11 Search vendor "Redhat" for product "Openstack" and version "11" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Virtualization Search vendor "Redhat" for product "Virtualization" | 4.0 Search vendor "Redhat" for product "Virtualization" and version "4.0" | - |
Affected
|