PT-2017-15456 · Qemu+5

Published 2014-04-22 · Updated 2019-10-09 · CVE-2017-2633

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 1.7.2
Description: An out-of-bounds memory access issue was found in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the vnc_refresh_server_surface function. A user inside a guest could use this flaw to crash the QEMU process.
Recommendations: For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the VNC display driver to minimize the risk of exploitation.

Fix

Buffer Overflow

Out of bounds Read

Memory Corruption


Weakness Enumeration

Related Identifiers

ALT-PU-2014-1526
CESA-2017_1206
CESA-2017_1856
CVE-2017-2633
RHSA-2017:1205
RHSA-2017:1206
RHSA-2017:1441
RHSA-2017:1856
RHSA-2017_1206
RHSA-2017_1856
SUSE-SU-2017:1080-1
SUSE-SU-2017:1081-1
SUSE-SU-2017:1147-1
SUSE-SU-2017:2969-1
SUSE-SU-2018:0019-1
SUSE-SU-2018:0039-1
USN-3261-1

Affected Products

ALT Linux
CentOS
QEMU
Red Hat
SUSE
Ubuntu