← Back

CVE-2020-10761

nvd nist
Published: Jun 9, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Exploitability: 3.1 / Impact: 1.4
Source: NVD

Description

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.

Affected (7)

Products: Qemu: Qemu · Redhat: Enterprise Linux · Opensuse: Leap · +1 more
Show all products
Qemu: Qemu · Redhat: Enterprise Linux · Opensuse: Leap · Canonical: Ubuntu Linux
Qemu
1 product
Qemu
Redhat
1 product
Enterprise Linux
Opensuse
1 product
Leap
Canonical
1 product
Ubuntu Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Qemu
Before 5.0.1
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 8.0
Enterprise Linux
Version 8.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Leap
Version 15.2
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 20.04

Related CWEs

CWE-617
Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (12)

Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory

Timeline

No history available yet.