PT-2018-5771 · Qemu+2 · Qemu+2

Eric Blake

Publicado

2017-12-22

Atualizado

2024-06-15

CVE-2017-15118

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: qemu versions prior to 2.11

Description: A stack-based buffer overflow issue was discovered in the NBD server implementation, allowing a client to request an export name larger than the intended limit, resulting in an out-of-bounds stack write. The issue can only be triggered if the attacker can successfully negotiate TLS when it is required by the NBD server.

Recommendations: For versions prior to 2.11, update to version 2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the NBD server or disabling TLS negotiation to minimize the risk of exploitation.

Exploit

Correção

Stack Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-787

Identificadores relacionados

ALT-PU-2017-2829

ALT-PU-2018-1076

ALT-PU-2018-2521

CVE-2017-15118

OPENSUSE-SU-2024:11287-1

RHSA-2018:1104

RHSA-2018:1113

USN-3575-1

USN-3575-2

Produtos afetados

Alt Linux

Ubuntu

Qemu

PT-2018-5771 · Qemu+2 · Qemu+2

CVE-2017-15118

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 204