CVE-2017-2633

Sažetak

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
http://www.openwall.com/lists/oss-security/2017/02/23/1
https://access.redhat.com/errata/RHSA-2017:1856
https://access.redhat.com/errata/RHSA-2017:1441
https://access.redhat.com/errata/RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1205
http://www.securityfocus.com/bid/96417
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

07-11-2023 - 02:43

Objavljeno

27-07-2018 - 19:29