    8 vulnerabilities found for Qemu: by QEMU

    CVE-2016-9603 (GCVE-0-2016-9603)

    Vulnerability from nvd – Published: 2018-07-27 21:00 – Updated: 2024-08-06 02:59
    Summary
    A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
    References
    URL | Tags
    http://www.securityfocus.com/bid/96893 | vdb-entry, x_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:0983 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:0982 | vendor-advisory, x_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… | mailing-list, x_refsource_MLIST
    https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1206 | vendor-advisory, x_refsource_REDHAT
    http://www.securitytracker.com/id/1038023 | vdb-entry, x_refsource_SECTRACK
    https://support.citrix.com/article/CTX221578 | x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:0985 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:0987 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:0984 | vendor-advisory, x_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… | mailing-list, x_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2017:0988 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1441 | vendor-advisory, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:0981 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:0980 | vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1205 | vendor-advisory, x_refsource_REDHAT
    Impacted products
    Vendor | Product | Version
    QEMU | Qemu: | Affected: 2.9
    Date Public
    2017-03-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:02.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96893"
              },
              {
                "name": "RHSA-2017:0983",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0983"
              },
              {
                "name": "RHSA-2017:0982",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0982"
              },
              {
                "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
              },
              {
                "name": "GLSA-201706-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201706-03"
              },
              {
                "name": "RHSA-2017:1206",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1206"
              },
              {
                "name": "1038023",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038023"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX221578"
              },
              {
                "name": "RHSA-2017:0985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0985"
              },
              {
                "name": "RHSA-2017:0987",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0987"
              },
              {
                "name": "RHSA-2017:0984",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0984"
              },
              {
                "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
              },
              {
                "name": "RHSA-2017:0988",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0988"
              },
              {
                "name": "RHSA-2017:1441",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1441"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
              },
              {
                "name": "RHSA-2017:0981",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0981"
              },
              {
                "name": "RHSA-2017:0980",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0980"
              },
              {
                "name": "RHSA-2017:1205",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Qemu:",
              "vendor": "QEMU",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.9"
                }
              ]
            }
          ],
          "datePublic": "2017-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "96893",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96893"
            },
            {
              "name": "RHSA-2017:0983",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0983"
            },
            {
              "name": "RHSA-2017:0982",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0982"
            },
            {
              "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
            },
            {
              "name": "GLSA-201706-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201706-03"
            },
            {
              "name": "RHSA-2017:1206",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1206"
            },
            {
              "name": "1038023",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038023"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX221578"
            },
            {
              "name": "RHSA-2017:0985",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0985"
            },
            {
              "name": "RHSA-2017:0987",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0987"
            },
            {
              "name": "RHSA-2017:0984",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0984"
            },
            {
              "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
            },
            {
              "name": "RHSA-2017:0988",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0988"
            },
            {
              "name": "RHSA-2017:1441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1441"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
            },
            {
              "name": "RHSA-2017:0981",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0981"
            },
            {
              "name": "RHSA-2017:0980",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0980"
            },
            {
              "name": "RHSA-2017:1205",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1205"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2016-9603",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Qemu:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QEMU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96893",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96893"
                },
                {
                  "name": "RHSA-2017:0983",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0983"
                },
                {
                  "name": "RHSA-2017:0982",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0982"
                },
                {
                  "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
                },
                {
                  "name": "GLSA-201706-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201706-03"
                },
                {
                  "name": "RHSA-2017:1206",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1206"
                },
                {
                  "name": "1038023",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038023"
                },
                {
                  "name": "https://support.citrix.com/article/CTX221578",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX221578"
                },
                {
                  "name": "RHSA-2017:0985",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0985"
                },
                {
                  "name": "RHSA-2017:0987",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0987"
                },
                {
                  "name": "RHSA-2017:0984",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0984"
                },
                {
                  "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
                },
                {
                  "name": "RHSA-2017:0988",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0988"
                },
                {
                  "name": "RHSA-2017:1441",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1441"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
                },
                {
                  "name": "RHSA-2017:0981",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0981"
                },
                {
                  "name": "RHSA-2017:0980",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0980"
                },
                {
                  "name": "RHSA-2017:1205",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1205"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9603",
        "datePublished": "2018-07-27T21:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:02.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2633 (GCVE-0-2017-2633)

    Vulnerability from nvd – Published: 2018-07-27 19:00 – Updated: 2024-08-05 14:02
    Summary
    An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
    Impacted products
    Vendor | Product | Version
    QEMU | Qemu: | Affected: 1.7.2
    Date Public
    2016-12-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:02:06.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"
              },
              {
                "name": "RHSA-2017:1206",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1206"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
              },
              {
                "name": "RHSA-2017:1441",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1441"
              },
              {
                "name": "96417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96417"
              },
              {
                "name": "RHSA-2017:1856",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1856"
              },
              {
                "name": "RHSA-2017:1205",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Qemu:",
              "vendor": "QEMU",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.2"
                }
              ]
            }
          ],
          "datePublic": "2016-12-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-28T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"
            },
            {
              "name": "RHSA-2017:1206",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1206"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
            },
            {
              "name": "RHSA-2017:1441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1441"
            },
            {
              "name": "96417",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96417"
            },
            {
              "name": "RHSA-2017:1856",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1856"
            },
            {
              "name": "RHSA-2017:1205",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1205"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-2633",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Qemu:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QEMU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.4/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "3.8/AV:A/AC:M/Au:S/C:N/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
                },
                {
                  "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef",
                  "refsource": "CONFIRM",
                  "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef"
                },
                {
                  "name": "RHSA-2017:1206",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1206"
                },
                {
                  "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7",
                  "refsource": "CONFIRM",
                  "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
                },
                {
                  "name": "RHSA-2017:1441",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1441"
                },
                {
                  "name": "96417",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96417"
                },
                {
                  "name": "RHSA-2017:1856",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1856"
                },
                {
                  "name": "RHSA-2017:1205",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1205"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-2633",
        "datePublished": "2018-07-27T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:02:06.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2620 (GCVE-0-2017-2620)

    Vulnerability from nvd – Published: 2018-07-27 19:00 – Updated: 2024-08-05 14:02
    Summary
    Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2017-0329.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0334.html vendor-advisory, x_refsource_REDHAT
    http://www.securitytracker.com/id/1037870 vdb-entry, x_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2017-0328.html vendor-advisory, x_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-list, x_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2017-0333.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0351.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0454.html vendor-advisory, x_refsource_REDHAT
    https://xenbits.xen.org/xsa/advisory-209.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2017-0331.html vendor-advisory, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2017/02/21/1 mailing-list, x_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2017-0350.html vendor-advisory, x_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-list, x_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2017-0396.html vendor-advisory, x_refsource_REDHAT
    https://security.gentoo.org/glsa/201704-01 vendor-advisory, x_refsource_GENTOO
    https://lists.gnu.org/archive/html/qemu-devel/201… mailing-list, x_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2017-0352.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0330.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0332.html vendor-advisory, x_refsource_REDHAT
    http://www.securityfocus.com/bid/96378 vdb-entry, x_refsource_BID
    https://support.citrix.com/article/CTX220771 x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201703-07 vendor-advisory, x_refsource_GENTOO
    Impacted products
    Vendor Product Version
    QEMU Qemu: Affected: 2.8
    Date Public
    2017-02-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:02:07.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:0329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
              },
              {
                "name": "RHSA-2017:0334",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
              },
              {
                "name": "1037870",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037870"
              },
              {
                "name": "RHSA-2017:0328",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
              },
              {
                "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
              },
              {
                "name": "RHSA-2017:0333",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
              },
              {
                "name": "RHSA-2017:0351",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
              },
              {
                "name": "RHSA-2017:0454",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://xenbits.xen.org/xsa/advisory-209.html"
              },
              {
                "name": "RHSA-2017:0331",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
              },
              {
                "name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
              },
              {
                "name": "RHSA-2017:0350",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
              },
              {
                "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
              },
              {
                "name": "RHSA-2017:0396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
              },
              {
                "name": "GLSA-201704-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201704-01"
              },
              {
                "name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
              },
              {
                "name": "RHSA-2017:0352",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
              },
              {
                "name": "RHSA-2017:0330",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
              },
              {
                "name": "RHSA-2017:0332",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
              },
              {
                "name": "96378",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96378"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX220771"
              },
              {
                "name": "GLSA-201703-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201703-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Qemu:",
              "vendor": "QEMU",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.8"
                }
              ]
            }
          ],
          "datePublic": "2017-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:0329",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
            },
            {
              "name": "RHSA-2017:0334",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
            },
            {
              "name": "1037870",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037870"
            },
            {
              "name": "RHSA-2017:0328",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
            },
            {
              "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
            },
            {
              "name": "RHSA-2017:0333",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
            },
            {
              "name": "RHSA-2017:0351",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
            },
            {
              "name": "RHSA-2017:0454",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://xenbits.xen.org/xsa/advisory-209.html"
            },
            {
              "name": "RHSA-2017:0331",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
            },
            {
              "name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
            },
            {
              "name": "RHSA-2017:0350",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
            },
            {
              "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
            },
            {
              "name": "RHSA-2017:0396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
            },
            {
              "name": "GLSA-201704-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201704-01"
            },
            {
              "name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
            },
            {
              "name": "RHSA-2017:0352",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
            },
            {
              "name": "RHSA-2017:0330",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
            },
            {
              "name": "RHSA-2017:0332",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
            },
            {
              "name": "96378",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96378"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX220771"
            },
            {
              "name": "GLSA-201703-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201703-07"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-2620",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Qemu:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QEMU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:0329",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
                },
                {
                  "name": "RHSA-2017:0334",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
                },
                {
                  "name": "1037870",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037870"
                },
                {
                  "name": "RHSA-2017:0328",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
                },
                {
                  "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
                },
                {
                  "name": "RHSA-2017:0333",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
                },
                {
                  "name": "RHSA-2017:0351",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
                },
                {
                  "name": "RHSA-2017:0454",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
                },
                {
                  "name": "https://xenbits.xen.org/xsa/advisory-209.html",
                  "refsource": "CONFIRM",
                  "url": "https://xenbits.xen.org/xsa/advisory-209.html"
                },
                {
                  "name": "RHSA-2017:0331",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
                },
                {
                  "name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
                },
                {
                  "name": "RHSA-2017:0350",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
                },
                {
                  "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
                },
                {
                  "name": "RHSA-2017:0396",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
                },
                {
                  "name": "GLSA-201704-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201704-01"
                },
                {
                  "name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
                  "refsource": "MLIST",
                  "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
                },
                {
                  "name": "RHSA-2017:0352",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
                },
                {
                  "name": "RHSA-2017:0330",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
                },
                {
                  "name": "RHSA-2017:0332",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
                },
                {
                  "name": "96378",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96378"
                },
                {
                  "name": "https://support.citrix.com/article/CTX220771",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX220771"
                },
                {
                  "name": "GLSA-201703-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201703-07"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-2620",
        "datePublished": "2018-07-27T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:02:07.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2630 (GCVE-0-2017-2630)

    Vulnerability from nvd – Published: 2018-07-27 18:00 – Updated: 2024-08-05 14:02
    Summary
    A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
    Impacted products
    Vendor Product Version
    QEMU Qemu: Affected: 2.9
    Date Public
    2017-02-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:02:07.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:2392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2392"
              },
              {
                "name": "96265",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96265"
              },
              {
                "name": "GLSA-201704-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201704-01"
              },
              {
                "name": "[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2017/02/15/2"
              },
              {
                "name": "[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Qemu:",
              "vendor": "QEMU",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.9"
                }
              ]
            }
          ],
          "datePublic": "2017-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server\u0027s response to a \u0027NBD_OPT_LIST\u0027 request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-08T12:55:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:2392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2392"
            },
            {
              "name": "96265",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96265"
            },
            {
              "name": "GLSA-201704-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201704-01"
            },
            {
              "name": "[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/02/15/2"
            },
            {
              "name": "[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-2630",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Qemu:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QEMU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server\u0027s response to a \u0027NBD_OPT_LIST\u0027 request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:2392",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2392"
                },
                {
                  "name": "96265",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96265"
                },
                {
                  "name": "GLSA-201704-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201704-01"
                },
                {
                  "name": "[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2017/02/15/2"
                },
                {
                  "name": "[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync",
                  "refsource": "MLIST",
                  "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415"
                },
                {
                  "name": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85",
                  "refsource": "MISC",
                  "url": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-2630",
        "datePublished": "2018-07-27T18:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:02:07.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9603 (GCVE-0-2016-9603)

    Vulnerability from cvelistv5 – Published: 2018-07-27 21:00 – Updated: 2024-08-06 02:59
    Summary
    A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96893 vdb-entry, x_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:0983 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:0982 vendor-advisory, x_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-list, x_refsource_MLIST
    https://security.gentoo.org/glsa/201706-03 vendor-advisory, x_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1206 vendor-advisory, x_refsource_REDHAT
    http://www.securitytracker.com/id/1038023 vdb-entry, x_refsource_SECTRACK
    https://support.citrix.com/article/CTX221578 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:0985 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:0987 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:0984 vendor-advisory, x_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-list, x_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2017:0988 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1441 vendor-advisory, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:0981 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:0980 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1205 vendor-advisory, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    QEMU Qemu: Affected: 2.9
    Date Public
    2017-03-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:02.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96893"
              },
              {
                "name": "RHSA-2017:0983",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0983"
              },
              {
                "name": "RHSA-2017:0982",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0982"
              },
              {
                "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
              },
              {
                "name": "GLSA-201706-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201706-03"
              },
              {
                "name": "RHSA-2017:1206",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1206"
              },
              {
                "name": "1038023",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038023"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX221578"
              },
              {
                "name": "RHSA-2017:0985",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0985"
              },
              {
                "name": "RHSA-2017:0987",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0987"
              },
              {
                "name": "RHSA-2017:0984",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0984"
              },
              {
                "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
              },
              {
                "name": "RHSA-2017:0988",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0988"
              },
              {
                "name": "RHSA-2017:1441",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1441"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
              },
              {
                "name": "RHSA-2017:0981",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0981"
              },
              {
                "name": "RHSA-2017:0980",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0980"
              },
              {
                "name": "RHSA-2017:1205",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Qemu:",
              "vendor": "QEMU",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.9"
                }
              ]
            }
          ],
          "datePublic": "2017-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "96893",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96893"
            },
            {
              "name": "RHSA-2017:0983",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0983"
            },
            {
              "name": "RHSA-2017:0982",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0982"
            },
            {
              "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
            },
            {
              "name": "GLSA-201706-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201706-03"
            },
            {
              "name": "RHSA-2017:1206",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1206"
            },
            {
              "name": "1038023",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038023"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX221578"
            },
            {
              "name": "RHSA-2017:0985",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0985"
            },
            {
              "name": "RHSA-2017:0987",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0987"
            },
            {
              "name": "RHSA-2017:0984",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0984"
            },
            {
              "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
            },
            {
              "name": "RHSA-2017:0988",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0988"
            },
            {
              "name": "RHSA-2017:1441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1441"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
            },
            {
              "name": "RHSA-2017:0981",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0981"
            },
            {
              "name": "RHSA-2017:0980",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0980"
            },
            {
              "name": "RHSA-2017:1205",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1205"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2016-9603",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Qemu:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QEMU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96893",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96893"
                },
                {
                  "name": "RHSA-2017:0983",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0983"
                },
                {
                  "name": "RHSA-2017:0982",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0982"
                },
                {
                  "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
                },
                {
                  "name": "GLSA-201706-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201706-03"
                },
                {
                  "name": "RHSA-2017:1206",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1206"
                },
                {
                  "name": "1038023",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038023"
                },
                {
                  "name": "https://support.citrix.com/article/CTX221578",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX221578"
                },
                {
                  "name": "RHSA-2017:0985",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0985"
                },
                {
                  "name": "RHSA-2017:0987",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0987"
                },
                {
                  "name": "RHSA-2017:0984",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0984"
                },
                {
                  "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
                },
                {
                  "name": "RHSA-2017:0988",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0988"
                },
                {
                  "name": "RHSA-2017:1441",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1441"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
                },
                {
                  "name": "RHSA-2017:0981",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0981"
                },
                {
                  "name": "RHSA-2017:0980",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0980"
                },
                {
                  "name": "RHSA-2017:1205",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1205"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9603",
        "datePublished": "2018-07-27T21:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:02.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2620 (GCVE-0-2017-2620)

    Vulnerability from cvelistv5 – Published: 2018-07-27 19:00 – Updated: 2024-08-05 14:02
    Summary
    Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
    CWE
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2017-0329.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0334.html vendor-advisory, x_refsource_REDHAT
    http://www.securitytracker.com/id/1037870 vdb-entry, x_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2017-0328.html vendor-advisory, x_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-list, x_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2017-0333.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0351.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0454.html vendor-advisory, x_refsource_REDHAT
    https://xenbits.xen.org/xsa/advisory-209.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2017-0331.html vendor-advisory, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2017/02/21/1 mailing-list, x_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2017-0350.html vendor-advisory, x_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-list, x_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2017-0396.html vendor-advisory, x_refsource_REDHAT
    https://security.gentoo.org/glsa/201704-01 vendor-advisory, x_refsource_GENTOO
    https://lists.gnu.org/archive/html/qemu-devel/201… mailing-list, x_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2017-0352.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0330.html vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0332.html vendor-advisory, x_refsource_REDHAT
    http://www.securityfocus.com/bid/96378 vdb-entry, x_refsource_BID
    https://support.citrix.com/article/CTX220771 x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201703-07 vendor-advisory, x_refsource_GENTOO
    Impacted products
    Vendor Product Version
    QEMU Qemu: Affected: 2.8
    Date Public
    2017-02-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:02:07.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:0329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
              },
              {
                "name": "RHSA-2017:0334",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
              },
              {
                "name": "1037870",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037870"
              },
              {
                "name": "RHSA-2017:0328",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
              },
              {
                "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
              },
              {
                "name": "RHSA-2017:0333",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
              },
              {
                "name": "RHSA-2017:0351",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
              },
              {
                "name": "RHSA-2017:0454",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://xenbits.xen.org/xsa/advisory-209.html"
              },
              {
                "name": "RHSA-2017:0331",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
              },
              {
                "name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
              },
              {
                "name": "RHSA-2017:0350",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
              },
              {
                "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
              },
              {
                "name": "RHSA-2017:0396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
              },
              {
                "name": "GLSA-201704-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201704-01"
              },
              {
                "name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
              },
              {
                "name": "RHSA-2017:0352",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
              },
              {
                "name": "RHSA-2017:0330",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
              },
              {
                "name": "RHSA-2017:0332",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
              },
              {
                "name": "96378",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96378"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX220771"
              },
              {
                "name": "GLSA-201703-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201703-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Qemu:",
              "vendor": "QEMU",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.8"
                }
              ]
            }
          ],
          "datePublic": "2017-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:0329",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
            },
            {
              "name": "RHSA-2017:0334",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
            },
            {
              "name": "1037870",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037870"
            },
            {
              "name": "RHSA-2017:0328",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
            },
            {
              "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
            },
            {
              "name": "RHSA-2017:0333",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
            },
            {
              "name": "RHSA-2017:0351",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
            },
            {
              "name": "RHSA-2017:0454",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://xenbits.xen.org/xsa/advisory-209.html"
            },
            {
              "name": "RHSA-2017:0331",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
            },
            {
              "name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
            },
            {
              "name": "RHSA-2017:0350",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
            },
            {
              "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
            },
            {
              "name": "RHSA-2017:0396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
            },
            {
              "name": "GLSA-201704-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201704-01"
            },
            {
              "name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
            },
            {
              "name": "RHSA-2017:0352",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
            },
            {
              "name": "RHSA-2017:0330",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
            },
            {
              "name": "RHSA-2017:0332",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
            },
            {
              "name": "96378",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96378"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX220771"
            },
            {
              "name": "GLSA-201703-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201703-07"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-2620",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Qemu:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QEMU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:0329",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
                },
                {
                  "name": "RHSA-2017:0334",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
                },
                {
                  "name": "1037870",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037870"
                },
                {
                  "name": "RHSA-2017:0328",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
                },
                {
                  "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
                },
                {
                  "name": "RHSA-2017:0333",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
                },
                {
                  "name": "RHSA-2017:0351",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
                },
                {
                  "name": "RHSA-2017:0454",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
                },
                {
                  "name": "https://xenbits.xen.org/xsa/advisory-209.html",
                  "refsource": "CONFIRM",
                  "url": "https://xenbits.xen.org/xsa/advisory-209.html"
                },
                {
                  "name": "RHSA-2017:0331",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
                },
                {
                  "name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
                },
                {
                  "name": "RHSA-2017:0350",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
                },
                {
                  "name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
                },
                {
                  "name": "RHSA-2017:0396",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
                },
                {
                  "name": "GLSA-201704-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201704-01"
                },
                {
                  "name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
                  "refsource": "MLIST",
                  "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
                },
                {
                  "name": "RHSA-2017:0352",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
                },
                {
                  "name": "RHSA-2017:0330",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
                },
                {
                  "name": "RHSA-2017:0332",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
                },
                {
                  "name": "96378",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96378"
                },
                {
                  "name": "https://support.citrix.com/article/CTX220771",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX220771"
                },
                {
                  "name": "GLSA-201703-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201703-07"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-2620",
        "datePublished": "2018-07-27T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:02:07.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2633 (GCVE-0-2017-2633)

    Vulnerability from cvelistv5 – Published: 2018-07-27 19:00 – Updated: 2024-08-05 14:02
    VLAI
    Summary
    An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    QEMU Qemu: Affected: 1.7.2
    Date Public
    2016-12-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:02:06.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"
              },
              {
                "name": "RHSA-2017:1206",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1206"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
              },
              {
                "name": "RHSA-2017:1441",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1441"
              },
              {
                "name": "96417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96417"
              },
              {
                "name": "RHSA-2017:1856",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1856"
              },
              {
                "name": "RHSA-2017:1205",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1205"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Qemu:",
              "vendor": "QEMU",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.2"
                }
              ]
            }
          ],
          "datePublic": "2016-12-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-28T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"
            },
            {
              "name": "RHSA-2017:1206",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1206"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
            },
            {
              "name": "RHSA-2017:1441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1441"
            },
            {
              "name": "96417",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96417"
            },
            {
              "name": "RHSA-2017:1856",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1856"
            },
            {
              "name": "RHSA-2017:1205",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1205"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-2633",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Qemu:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QEMU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.4/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "3.8/AV:A/AC:M/Au:S/C:N/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
                },
                {
                  "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef",
                  "refsource": "CONFIRM",
                  "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef"
                },
                {
                  "name": "RHSA-2017:1206",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1206"
                },
                {
                  "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7",
                  "refsource": "CONFIRM",
                  "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
                },
                {
                  "name": "RHSA-2017:1441",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1441"
                },
                {
                  "name": "96417",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96417"
                },
                {
                  "name": "RHSA-2017:1856",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1856"
                },
                {
                  "name": "RHSA-2017:1205",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1205"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-2633",
        "datePublished": "2018-07-27T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:02:06.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2630 (GCVE-0-2017-2630)

    Vulnerability from cvelistv5 – Published: 2018-07-27 18:00 – Updated: 2024-08-05 14:02
    Summary
    A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    QEMU Qemu: Affected: 2.9
    Date Public
    2017-02-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:02:07.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:2392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2392"
              },
              {
                "name": "96265",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96265"
              },
              {
                "name": "GLSA-201704-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201704-01"
              },
              {
                "name": "[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2017/02/15/2"
              },
              {
                "name": "[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Qemu:",
              "vendor": "QEMU",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.9"
                }
              ]
            }
          ],
          "datePublic": "2017-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server\u0027s response to a \u0027NBD_OPT_LIST\u0027 request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-08T12:55:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:2392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2392"
            },
            {
              "name": "96265",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96265"
            },
            {
              "name": "GLSA-201704-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201704-01"
            },
            {
              "name": "[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/02/15/2"
            },
            {
              "name": "[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-2630",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Qemu:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QEMU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server\u0027s response to a \u0027NBD_OPT_LIST\u0027 request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:2392",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2392"
                },
                {
                  "name": "96265",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96265"
                },
                {
                  "name": "GLSA-201704-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201704-01"
                },
                {
                  "name": "[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2017/02/15/2"
                },
                {
                  "name": "[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync",
                  "refsource": "MLIST",
                  "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415"
                },
                {
                  "name": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85",
                  "refsource": "MISC",
                  "url": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-2630",
        "datePublished": "2018-07-27T18:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:02:07.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }