CVE - CVE-2017-7539

CVE-ID
CVE-2017-7539	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:99944 URL:http://www.securityfocus.com/bid/99944 MISC:RHSA-2017:2628 URL:https://access.redhat.com/errata/RHSA-2017:2628 MISC:RHSA-2017:3466 URL:https://access.redhat.com/errata/RHSA-2017:3466 MISC:RHSA-2017:3470 URL:https://access.redhat.com/errata/RHSA-2017:3470 MISC:RHSA-2017:3471 URL:https://access.redhat.com/errata/RHSA-2017:3471 MISC:RHSA-2017:3472 URL:https://access.redhat.com/errata/RHSA-2017:3472 MISC:RHSA-2017:3473 URL:https://access.redhat.com/errata/RHSA-2017:3473 MISC:RHSA-2017:3474 URL:https://access.redhat.com/errata/RHSA-2017:3474 MISC:[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine URL:http://www.openwall.com/lists/oss-security/2017/07/21/4 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539 URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539 MISC:https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b URL:https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b MISC:https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19 URL:https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19
Assigning CNA
Red Hat, Inc.
Date Record Created
20170405	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20170405)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)