Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2017-2630

Published: 27/07/2018 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Qemu

Vulnerability Summary

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) prior to 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

Vendor Advisories

Red Hat: CVE-2017-2630
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) built with the Network Block Device (NBD) client support The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client h ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-6505: infinite loop issue in ohci_service_ed_list
Debian Bug report logs - #856969 qemu: CVE-2017-6505: infinite loop issue in ohci_service_ed_list Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 6 Mar 2017 18:51:01 UTC Severity: normal Tags: pa ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-7377
Debian Bug report logs - #859854 qemu: CVE-2017-7377 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 7 Apr 2017 19:48:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream F ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9603: cirrus: heap buffer overflow via vnc connection
Debian Bug report logs - #857744 qemu: CVE-2016-9603: cirrus: heap buffer overflow via vnc connection Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 14 Mar 2017 16:15:01 UTC Severity: grave Tags: ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-6058: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping
Debian Bug report logs - #855616 qemu: CVE-2017-6058: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 20 Feb 2017 19:51:01 UTC ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-2615
Debian Bug report logs - #854731 qemu: CVE-2017-2615 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 9 Feb 2017 22:45:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in vers ...
Debian CVElist Bug Report Logs: CVE-2017-5931
Debian Bug report logs - #854730 CVE-2017-5931 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 9 Feb 2017 22:42:04 UTC Severity: important Tags: security Fixed in version qemu/1:28+dfsg-3 Done: Mic ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-2630: nbd: oob stack write in client routine drop_sync
Debian Bug report logs - #855227 qemu: CVE-2017-2630: nbd: oob stack write in client routine drop_sync Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 15 Feb 2017 18:21:01 UTC Severity: grave Tags ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-8667: dma: rc4030 divide by zero error in set_next_tick
Debian Bug report logs - #840950 qemu: CVE-2016-8667: dma: rc4030 divide by zero error in set_next_tick Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 12:21:02 UTC Severity: normal Ta ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-5987: sd: infinite loop issue in multi block transfers
Debian Bug report logs - #855159 qemu: CVE-2017-5987: sd: infinite loop issue in multi block transfers Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 14 Feb 2017 19:45:02 UTC Severity: important ...
Debian CVElist Bug Report Logs: CVE-2017-5898
Debian Bug report logs - #854729 CVE-2017-5898 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 9 Feb 2017 22:42:01 UTC Severity: important Tags: security Fixed in version qemu/1:28+dfsg-3 Done: Mic ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-7907: net: inifinte loop in imx_fec_do_tx() function
Debian Bug report logs - #839986 qemu: CVE-2016-7907: net: inifinte loop in imx_fec_do_tx() function Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 7 Oct 2016 06:45:01 UTC Severity: normal Tags: ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-2620: cirrus_bitblt_cputovideo does not check if memory region is safe
Debian Bug report logs - #855791 qemu: CVE-2017-2620: cirrus_bitblt_cputovideo does not check if memory region is safe Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 21 Feb 2017 16:06:01 UTC Seve ...
Debian CVElist Bug Report Logs: CVE-2017-5667 / CVE-2017-5856 / CVE-2017-5857
Debian Bug report logs - #853996 CVE-2017-5667 / CVE-2017-5856 / CVE-2017-5857 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 2 Feb 2017 22:06:02 UTC Severity: important Tags: security Fixed in vers ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-5579: serial: host memory leakage 16550A UART emulation
Debian Bug report logs - #853002 qemu: CVE-2017-5579: serial: host memory leakage 16550A UART emulation Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 Jan 2017 20:51:04 UTC Severity: normal Ta ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-5973: usb: infinite loop while doing control transfer in xhci_kick_epctx
Debian Bug report logs - #855611 qemu: CVE-2017-5973: usb: infinite loop while doing control transfer in xhci_kick_epctx Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 20 Feb 2017 19:21:04 UTC Se ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9602: 9p: virtfs allows guest to access host filesystem
Debian Bug report logs - #853006 qemu: CVE-2016-9602: 9p: virtfs allows guest to access host filesystem Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 Jan 2017 21:18:01 UTC Severity: grave Tag ...

References

CWE-121https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630http://www.openwall.com/lists/oss-security/2017/02/15/2https://security.gentoo.org/glsa/201704-01https://access.redhat.com/errata/RHSA-2017:2392http://www.securityfocus.com/bid/96265https://bugzilla.redhat.com/show_bug.cgi?id=1422415https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2017-2630
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333CVE-2024-33901CVE-2024-36001CVE-2024-2835firewallXPath injectionauthentication bypassCVE-2024-22120CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook