QwikSec

Security Database

CVE

CWE

Training

CVE-2017-2630

Published: Jul 27, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

5.5

MEDIUM

Description

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

Vendor	Product	Versions
QEMU	Qemu:	affected `2.9`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_GENTOO

[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync

mailing-list

x_refsource_MLIST

[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1422415

x_refsource_CONFIRM

https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.