CVE-2017-8309

Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
qemuqemu
𝑥
≤ 2.9.1
debiandebian_linux
8.0
redhatopenstack
6.0
redhatopenstack
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
hirsute
Fixed 1:2.8+dfsg-3ubuntu3
released
groovy
Fixed 1:2.8+dfsg-3ubuntu3
released
focal
Fixed 1:2.8+dfsg-3ubuntu3
released
eoan
Fixed 1:2.8+dfsg-3ubuntu3
released
disco
Fixed 1:2.8+dfsg-3ubuntu3
released
cosmic
Fixed 1:2.8+dfsg-3ubuntu3
released
bionic
Fixed 1:2.8+dfsg-3ubuntu3
released
artful
Fixed 1:2.8+dfsg-3ubuntu3
released
zesty
Fixed 1:2.8+dfsg-3ubuntu2.2
released
yakkety
Fixed 1:2.6.1+dfsg-0ubuntu5.5
released
xenial
Fixed 1:2.5+dfsg-5ubuntu10.14
released
trusty
Fixed 2.0.0+dfsg-2ubuntu1.34
released
precise
dne
qemu-kvm
hirsute
dne
groovy
dne
focal
dne
eoan
dne
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98302
https://access.redhat.com/errata/RHSA-2017:2408
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
https://security.gentoo.org/glsa/201706-03
http://www.securityfocus.com/bid/98302
https://access.redhat.com/errata/RHSA-2017:2408
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
https://security.gentoo.org/glsa/201706-03