2018-07-27 20:29:00 2019-10-10 01:26:59

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
QEMU 2.0.0 release candidate 0 QEMU 2.0.0 Qemu Qemu 2.0.0 (not an official CPE) Qemu Qemu 1.7.2 (not an official CPE) QEMU 1.7.1 Qemu Qemu 1.7.0 (not an official CPE) QEMU 1.6.2 QEMU 1.6.1 QEMU 1.6.0 release candidate 3 QEMU 1.6.0 release candidate 2 QEMU 1.6.0 release candidate 1 QEMU 1.6.0 QEMU 1.5.3 QEMU 1.5.2 QEMU 1.5.1 QEMU 1.5.0 release candidate 3 QEMU 1.5.0 release candidate 2 QEMU 1.5.0 release candidate 1 QEMU 1.5.0 QEMU 1.4.2 QEMU 1.4.1 Qemu Qemu 1.4.0 (not an official CPE) Qemu Qemu 1.3.1 (not an official CPE) Qemu Qemu 1.3.0 (not an official CPE) Qemu Qemu 1.2.2 (not an official CPE) Qemu Qemu 1.2.1 (not an official CPE) Qemu Qemu 1.2.0 (not an official CPE) Qemu Qemu 1.1.2 (not an official CPE) Qemu Qemu 1.1.1 (not an official CPE) Qemu Qemu 1.1.0 (not an official CPE) QEMU 1.1 release candidate 4 QEMU 1.1 release candidate 3 QEMU 1.1 release candidate 2 QEMU 1.1 release candidate 1 QEMU 1.1 QEMU 1.0.1 QEMU 1.0 release candidate 4 QEMU 1.0 release candidate 3 QEMU 1.0 release candidate 2 QEMU 1.0 release candidate 1 QEMU 1.0 QEMU 0.15.2 QEMU 0.15.1 QEMU 0.15.0 release candidate 2 QEMU 0.15.0 release candidate 1 Qemu Qemu 0.15.0 (not an official CPE) QEMU 0.14.1 QEMU 0.14.0 release candidate 2 QEMU 0.14.0 release candidate 1 QEMU 0.14.0 release candidate 0 QEMU 0.14.0 QEMU 0.13.0 release candidate 1 QEMU 0.13.0 release candidate 0 QEMU 0.13.0 QEMU 0.12.5 QEMU 0.12.4 QEMU 0.12.3 QEMU 0.12.2 QEMU 0.12.1 QEMU 0.12.0 release candidate 2 QEMU 0.12.0 release candidate 1 QEMU 0.12.0 QEMU 0.11.1 QEMU 0.11.0-rc2 QEMU 0.11.0-rc1 QEMU 0.11.0-rc0 QEMU 0.11.0 release candidate 2 QEMU 0.11.0 release candidate 1 QEMU 0.11.0-rc0 QEMU 0.11.0 QEMU 0.10.6 QEMU 0.10.5 QEMU 0.10.4 QEMU 0.10.3 QEMU 0.10.2 QEMU 0.10.1 QEMU 0.10.0 QEMU 0.9.1-5 QEMU 0.9.1 QEMU 0.9.0 QEMU 0.8.2 QEMU 0.8.1 QEMU 0.8.0 QEMU 0.7.2 QEMU 0.7.1 QEMU 0.7.0 QEMU 0.6.1 QEMU 0.6.0 QEMU 0.5.5 QEMU 0.5.4 QEMU 0.5.3 QEMU 0.5.2 QEMU 0.5.1 QEMU 0.5.0 Qemu Qemu 0.4.4 (not an official CPE) QEMU 0.4.3 QEMU 0.4.2 QEMU 0.4.1 Qemu Qemu 0.4.0 (not an official CPE) QEMU 0.4 Qemu Qemu 0.3.0 (not an official CPE) QEMU 0.3 Qemu Qemu 0.2.0 (not an official CPE) QEMU 0.2 QEMU 0.1.6 QEMU 0.1.5 QEMU 0.1.4 QEMU 0.1.3 QEMU 0.1.2 QEMU 0.1.1 Qemu Qemu 0.1.0 (not an official CPE) QEMU 0.1 QEMU QEMU 2.0.0 release candidate 1 QEMU 2.0.0 release candidate 2 QEMU 2.0.0 release candidate 3 Qemu Qemu 2.0.1 (not an official CPE) QEMU QEMU 2.0.2 QEMU QEMU 2.1.0 QEMU QEMU 2.1.0 release candidate 0 QEMU QEMU 2.1.0 release candidate 1 QEMU QEMU 2.1.0 release candidate 2 QEMU QEMU 2.1.0 release candidate 3 QEMU QEMU 2.1.0 release candidate 5 QEMU QEMU 2.1.1 QEMU QEMU 2.1.2 QEMU 2.1.3 Qemu Qemu 2.2.0 (not an official CPE) Qemu Qemu 2.2.1 (not an official CPE) QEMU 2.3.0 Qemu Qemu 2.3.1 (not an official CPE) Qemu Qemu 2.4.0 (not an official CPE) Qemu Qemu 2.4.0.1 (not an official CPE) Qemu Qemu 2.4.1 (not an official CPE) Qemu Qemu 2.5.0 (not an official CPE) Qemu Qemu 2.5.1 (not an official CPE) Qemu Qemu 2.5.1.1 (not an official CPE) Qemu Qemu 2.6.0 (not an official CPE) Qemu Qemu 2.6.1 (not an official CPE) Qemu Qemu 2.6.2 (not an official CPE) Qemu Qemu 2.7.0 (not an official CPE) Qemu Qemu 2.7.1 (not an official CPE) Qemu Qemu 2.8.0 (not an official CPE) Qemu Qemu 2.8.1 (not an official CPE) Qemu Qemu 2.8.1.1 (not an official CPE)