PT-2017-2590 · Qemu Team+5 · Qemu+5

Max Reitz

·

Published

2017-06-11

·

Updated

2024-06-15

·

CVE-2017-10664

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions QEMU (aka Quick Emulator) (affected versions not specified)
Description The issue is related to the qemu-nbd in QEMU, which does not properly handle data, specifically ignoring SIGPIPE. This allows remote attackers to cause a denial of service by disconnecting during a server-to-client reply attempt, resulting in a daemon crash.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

ALT-PU-2017-1993
ALT-PU-2017-2175
BDU:2017-01803
CESA-2017_2445
CVE-2017-10664
DLA-1070-1
DLA-1071-1
DLA-1599-1
DSA-3920-1
OPENSUSE-SU-2017_2394-1
OPENSUSE-SU-2017_2398-1
OPENSUSE-SU-2017_2513-1
OPENSUSE-SU-2017_2941-1
OPENSUSE-SU-2024:11287-1
RHSA-2017:2390
RHSA-2017:2445
RHSA-2017:3466
RHSA-2017:3470
RHSA-2017:3471
RHSA-2017:3472
RHSA-2017:3473
RHSA-2017:3474
RHSA-2017_2445
SUSE-SU-2017:2319-1
SUSE-SU-2017:2326-1
SUSE-SU-2017:2327-1
SUSE-SU-2017:2327-2
SUSE-SU-2017:2339-1
SUSE-SU-2017:2416-1
SUSE-SU-2017:2450-1
SUSE-SU-2017:2541-1
SUSE-SU-2017:2936-1
SUSE-SU-2017:2946-1
SUSE-SU-2017:2963-1
SUSE-SU-2017:2969-1
SUSE-SU-2017:3084-1
SUSE-SU-2017_2319-1
SUSE-SU-2017_2327-1
SUSE-SU-2017_2327-2
SUSE-SU-2017_2339-1
SUSE-SU-2017_2416-1
SUSE-SU-2017_2450-1
SUSE-SU-2017_2541-1
SUSE-SU-2017_2936-1
USN-3414-1
USN-3414-2

Affected Products

Alt Linux
Centos
Qemu
Red Hat
Suse
Ubuntu