CVE-2017-15118 — Vulnetix

CVE-2017-15118 PUBLISHED CVSS 8.3 HIGH

Reported by redhat · Published July 27, 2018

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.

Risk Scores

CVSS 3.0

8.3

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
QEMU	Qemu	2.11
QEMU	Qemu	2.11, 2.11

Exploit Intelligence

https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html (nist-nvd)
https://www.exploit-db.com/exploits/43194/ (nist-nvd)
QEMU - NBD Server Long Export Name Stack Buffer Overflow (0day-today)

Timeline

Nov 29, 2017 PoC Published
Jul 27, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
May 2, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Mar 11, 2023 EPSS Score
Mar 12, 2023 EPSS Score

References

x_refsource_CONFIRM
RHSA-2018:1104 vendor-advisoryx_refsource_REDHAT
x_refsource_MISC
USN-3575-1 vendor-advisoryx_refsource_UBUNTU
101975 vdb-entryx_refsource_BID
x_refsource_MISC
43194 exploitx_refsource_EXPLOIT-DB

Open in Interactive Console →