CVE-2017-7539 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-7539 PUBLISHED CVSS 5.300000190734863 MEDIUM

An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

EPSS 2.75% · 85.9th percentile

Risk Scores

CVSS v3.0

5.300000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

2.75%

85.9th percentile

Affected Products

Vendor	Product	Versions
redhat	openstack	11, 6.0, 7.0
qemu	qemu	0
QEMU	Qemu	2.10.1
redhat	virtualization	4.0, 3.0

Timeline

Jul 26, 2018 CVE Published
Apr 14, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Mar 5, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 8, 2023 EPSS Score

References

RHSA-2017:2628 vendor-advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b url
RHSA-2017:3473 vendor-advisory
RHSA-2017:3470 vendor-advisory
RHSA-2017:3472 vendor-advisory
RHSA-2017:3474 vendor-advisory
RHSA-2017:3471 vendor-advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19 url
[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine mailing-list
RHSA-2017:3466 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539 url
99944 vdb
https://nvd.nist.gov/vuln/detail/CVE-2017-7539 advisory
https://access.redhat.com/security/cve/CVE-2017-7539 url
https://bugzilla.redhat.com/show_bug.cgi?id=1473622 url
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b url
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19 url

Open in Interactive Console →