PT-2017-3861 · Qemu+3 · Qemu+3

Eric Blake

Publicado

2017-11-28

Atualizado

2019-10-09

CVE-2017-15119

CVSS v3.1

8.6

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions QEMU versions prior to 2.11

Description The issue is related to a denial of service problem in the Network Block Device (NBD) server. It can be triggered by a client sending large option requests, causing the server to waste CPU time. This could allow a remote attacker to keep the NBD server from serving other requests, resulting in a denial of service.

Recommendations For versions prior to 2.11, update to version 2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the NBD server to minimize the risk of exploitation.

Exploit

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALT-PU-2017-2829

ALT-PU-2018-1076

ALT-PU-2018-2521

BDU:2019-04100

CVE-2017-15119

DSA-4213-1

OPENSUSE-SU-2018_0780-1

RHSA-2018:1104

RHSA-2018:1113

SUSE-SU-2018:0762-1

SUSE-SU-2018:0831-1

USN-3575-1

USN-3575-2

Produtos afetados

Alt Linux

Qemu

Suse

Ubuntu

PT-2017-3861 · Qemu+3 · Qemu+3

CVE-2017-15119

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 130