CVE-2017-15118

EUVD-2017-6579
A stack-based buffer overflow vulnerability was found in the NBD server implementation in qemu before 2.11. It allows a client to request an export name of up to 4096 bytes, when the size should in fact be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If the NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  8.3 HIGH    NETWORK      LOW              NONE            CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
redhat    CNA      8.3 HIGH    NETWORK      LOW              NONE            CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
EPSS Score Percentile: 81%
Affected Products (NVD)
Vendor     Product           Version
qemu       qemu              𝑥 < 2.11
canonical  ubuntu_linux      14.04
canonical  ubuntu_linux      16.04
canonical  ubuntu_linux      17.10
redhat     enterprise_linux  7.0
𝑥 = Vulnerable software versions
Debian Releases
Debian Product  Codename             Version                 Status
qemu            bookworm             1:7.2+dfsg-7+deb12u7    fixed
qemu            bullseye             1:5.2+dfsg-11+deb11u3   fixed
qemu            bullseye (security)  1:5.2+dfsg-11+deb11u2   fixed
qemu            jessie               -                       not-affected
qemu            sid                  1:9.1.1+ds-2            fixed
qemu            stretch              -                       not-affected
qemu            trixie               1:9.1.1+ds-2            fixed
qemu            wheezy               -                       not-affected
Ubuntu Releases
Ubuntu Product  Codename  Version                       Status
qemu            artful    Fixed 1:2.10+dfsg-0ubuntu3.5  released
qemu            trusty    -                             not-affected
qemu            xenial    -                             not-affected
qemu            zesty     -                             ignored
qemu-kvm        artful    -                             dne
qemu-kvm        trusty    -                             dne
qemu-kvm        xenial    -                             dne
qemu-kvm        zesty     -                             dne