2018-07-27 23:29:00 2019-10-10 01:24:14

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
QEMU QEMU 2.1.0 release candidate 1 QEMU QEMU 2.1.0 release candidate 0 QEMU QEMU 2.1.0 QEMU QEMU 2.0.2 Qemu Qemu 2.0.1 (not an official CPE) QEMU 2.0.0 release candidate 3 QEMU 2.0.0 release candidate 2 QEMU 2.0.0 release candidate 1 QEMU 2.0.0 release candidate 0 QEMU 2.0.0 Qemu Qemu 2.0.0 (not an official CPE) Qemu Qemu 1.7.2 (not an official CPE) QEMU 1.7.1 Qemu Qemu 1.7.0 (not an official CPE) QEMU 1.6.2 QEMU 1.6.1 QEMU 1.6.0 release candidate 3 QEMU 1.6.0 release candidate 2 QEMU 1.6.0 release candidate 1 QEMU 1.6.0 QEMU 1.5.3 QEMU 1.5.2 QEMU 1.5.1 QEMU 1.5.0 release candidate 3 QEMU 1.5.0 release candidate 2 QEMU 1.5.0 release candidate 1 QEMU 1.5.0 QEMU 1.4.2 QEMU 1.4.1 Qemu Qemu 1.4.0 (not an official CPE) Qemu Qemu 1.3.1 (not an official CPE) Qemu Qemu 1.3.0 (not an official CPE) Qemu Qemu 1.2.2 (not an official CPE) Qemu Qemu 1.2.1 (not an official CPE) Qemu Qemu 1.2.0 (not an official CPE) Qemu Qemu 1.1.2 (not an official CPE) Qemu Qemu 1.1.1 (not an official CPE) Qemu Qemu 1.1.0 (not an official CPE) QEMU 1.1 release candidate 4 QEMU 1.1 release candidate 3 QEMU 1.1 release candidate 2 QEMU 1.1 release candidate 1 QEMU 1.1 QEMU 1.0.1 QEMU 1.0 release candidate 4 QEMU 1.0 release candidate 3 QEMU 1.0 release candidate 2 QEMU 1.0 release candidate 1 QEMU 1.0 QEMU 0.15.2 QEMU 0.15.1 QEMU 0.15.0 release candidate 2 QEMU 0.15.0 release candidate 1 Qemu Qemu 0.15.0 (not an official CPE) QEMU 0.14.1 QEMU 0.14.0 release candidate 2 QEMU 0.14.0 release candidate 1 QEMU 0.14.0 release candidate 0 QEMU 0.14.0 QEMU 0.13.0 release candidate 1 QEMU 0.13.0 release candidate 0 QEMU 0.13.0 QEMU 0.12.5 QEMU 0.12.4 QEMU 0.12.3 QEMU 0.12.2 QEMU 0.12.1 QEMU 0.12.0 release candidate 2 QEMU 0.12.0 release candidate 1 QEMU 0.12.0 QEMU 0.11.1 QEMU 0.11.0-rc2 QEMU 0.11.0-rc1 QEMU 0.11.0-rc0 QEMU 0.11.0 release candidate 2 QEMU 0.11.0 release candidate 1 QEMU 0.11.0-rc0 QEMU 0.11.0 QEMU 0.10.6 QEMU 0.10.5 QEMU 0.10.4 QEMU 0.10.3 QEMU 0.10.2 QEMU 0.10.1 QEMU 0.10.0 QEMU 0.9.1-5 QEMU 0.9.1 QEMU 0.9.0 QEMU 0.8.2 QEMU 0.8.1 QEMU 0.8.0 QEMU 0.7.2 QEMU 0.7.1 QEMU 0.7.0 QEMU 0.6.1 QEMU 0.6.0 QEMU 0.5.5 QEMU 0.5.4 QEMU 0.5.3 QEMU 0.5.2 QEMU 0.5.1 QEMU 0.5.0 Qemu Qemu 0.4.4 (not an official CPE) QEMU 0.4.3 QEMU 0.4.2 QEMU 0.4.1 Qemu Qemu 0.4.0 (not an official CPE) QEMU 0.4 Qemu Qemu 0.3.0 (not an official CPE) QEMU 0.3 Qemu Qemu 0.2.0 (not an official CPE) QEMU 0.2 QEMU 0.1.6 QEMU 0.1.5 QEMU 0.1.4 QEMU 0.1.3 QEMU 0.1.2 QEMU 0.1.1 Qemu Qemu 0.1.0 (not an official CPE) QEMU 0.1 QEMU QEMU QEMU 2.1.0 release candidate 2 QEMU QEMU 2.1.0 release candidate 3 QEMU QEMU 2.1.0 release candidate 5 QEMU QEMU 2.1.1 QEMU QEMU 2.1.2 QEMU 2.1.3 Qemu Qemu 2.2.0 (not an official CPE) Qemu Qemu 2.2.1 (not an official CPE) QEMU 2.3.0 Qemu Qemu 2.3.1 (not an official CPE) Qemu Qemu 2.4.0 (not an official CPE) Qemu Qemu 2.4.0.1 (not an official CPE) Qemu Qemu 2.4.1 (not an official CPE) Qemu Qemu 2.5.0 (not an official CPE) Qemu Qemu 2.5.1 (not an official CPE) Qemu Qemu 2.5.1.1 (not an official CPE) Qemu Qemu 2.6.0 (not an official CPE) Qemu Qemu 2.6.1 (not an official CPE) Qemu Qemu 2.6.2 (not an official CPE) Qemu Qemu 2.7.0 (not an official CPE) Qemu Qemu 2.7.1 (not an official CPE) Qemu Qemu 2.8.0 (not an official CPE) Qemu Qemu 2.8.1 (not an official CPE) Qemu Qemu 2.8.1.1 (not an official CPE) Qemu Qemu 2.9.0 (not an official CPE) Qemu Qemu 2.9.1 (not an official CPE) Qemu Qemu 2.10.0 (not an official CPE) Qemu Qemu 2.10.1 (not an official CPE) Qemu Qemu 2.10.2 (not an official CPE)