CVE-2017-11434

Published: Jul 25, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.

Affected (7)

Products: Qemu: Qemu · Debian: Debian Linux

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 2.9.1
Qemu Qemu	Version 2.10.0 rc0
Qemu Qemu	Version 2.10.0 rc1
Qemu Qemu	Version 2.10.0 rc2
Qemu Qemu	Version 2.10.0 rc3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (12)

http://www.debian.org/security/2017/dsa-3925

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/07/19/2

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/99923

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1472611

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Source: cve@mitre.org

Third Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://www.debian.org/security/2017/dsa-3925