VDB
CVE-2017-7539
CVE-2017-7539
PUBLISHED
CVSS 5.300000190734863 MEDIUM
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
EPSS 2.97% · 86.8th percentile
Risk Scores
CVSS 3.0
5.300000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
2.97%
86.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | openstack | 11, 7.0, 8 |
| qemu | qemu | 0 |
| QEMU | Qemu | 2.10.1 |
| redhat | virtualization | 4.0, 3.0 |
Exploit Intelligence
- RHSA-2017:2628 (circl)
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b (circl)
- RHSA-2017:3473 (circl)
- RHSA-2017:3470 (circl)
- RHSA-2017:3472 (circl)
- RHSA-2017:3474 (circl)
- RHSA-2017:3471 (circl)
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19 (circl)
- [oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine (circl)
- RHSA-2017:3466 (circl)
…and 2 more exploits
Timeline
- Jul 26, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 8, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- RHSA-2017:2628 vendor-advisory
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b url
- RHSA-2017:3473 vendor-advisory
- RHSA-2017:3470 vendor-advisory
- RHSA-2017:3472 vendor-advisory
- RHSA-2017:3474 vendor-advisory
- RHSA-2017:3471 vendor-advisory
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19 url
- [oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine mailing-list
- RHSA-2017:3466 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539 url
- 99944 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2017-7539 advisory
- https://access.redhat.com/security/cve/CVE-2017-7539 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1473622 url
- https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b url
- https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19 url