CVE-2017-15118

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
redhatCNA
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
qemuqemu
𝑥
< 2.11
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
redhatenterprise_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
stretch
not-affected
jessie
not-affected
wheezy
not-affected
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
artful
Fixed 1:2.10+dfsg-0ubuntu3.5
released
zesty
ignored
xenial
not-affected
trusty
not-affected
qemu-kvm
artful
dne
zesty
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2017/11/28/8
http://www.securityfocus.com/bid/101975
https://access.redhat.com/errata/RHSA-2018:1104
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
https://usn.ubuntu.com/3575-1/
https://www.exploit-db.com/exploits/43194/
http://www.openwall.com/lists/oss-security/2017/11/28/8
http://www.securityfocus.com/bid/101975
https://access.redhat.com/errata/RHSA-2018:1104
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
https://usn.ubuntu.com/3575-1/
https://www.exploit-db.com/exploits/43194/