CVE-2017-2630 MEDIUM

CVE-2017-2630

Vendor Qemu
Product Qemu:
Weakness CWE-121
Published July 27, 2018
Last update August 5, 2024

CVSS base score

5.5/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

Key dates

02Disclosure timeline

July 27, 2018 CVE published
August 5, 2024 Record updated