CVE-2017-15119

Published: Jul 27, 2018Modified: Nov 21, 2024

8.6

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.

Affected (6)

Products: Qemu: Qemu · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Qemu: Qemu · Canonical: Ubuntu Linux · Debian: Debian Linux · Redhat: Virtualization

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Before 2.11.0

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10
Debian Debian Linux	Version 9.0
Redhat Virtualization	Version 4.0

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (16)

http://www.openwall.com/lists/oss-security/2017/11/28/9

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/102011

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:1104

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1113

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3575-1/

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2018/dsa-4213

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/11/28/9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/102011

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:1104

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1113

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3575-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4213

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.