CVE-2017-7539
26.07.2018, 14:29
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.Enginsight
| Vendor | Product | Version |
|---|---|---|
| qemu | qemu | 𝑥 < 2.10.1 |
| redhat | openstack | 6.0 |
| redhat | openstack | 7.0 |
| redhat | virtualization | 4.0 |
| redhat | virtualization | 3.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-617 - Reachable AssertionThe product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References