Back to search
CVE-2017-9524
Published: Jul 6, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2017:1681
vendor-advisory
x_refsource_REDHAT
[oss-security] 20170612 CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation
mailing-list
x_refsource_MLIST
RHSA-2017:1682
vendor-advisory
x_refsource_REDHAT
99011
vdb-entry
x_refsource_BID
[qemu-devel] 20170526 [PATCH] nbd: Fully initialize client in case of failed negotiation
mailing-list
x_refsource_MLIST
RHSA-2017:2408
vendor-advisory
x_refsource_REDHAT
DSA-3925
vendor-advisory
x_refsource_DEBIAN
[qemu-devel] 20170608 [PATCH] nbd: Fix regression on resiliency to port scan
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now