Vulnerability CVE-2017-10664: Information
Description
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
[qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE |
|
https://bugzilla.redhat.com/show_bug.cgi?id=1466190 |
|
99513 |
|
[oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort |
|
DSA-3920 |
|
RHSA-2017:3474 |
|
RHSA-2017:3473 |
|
RHSA-2017:3472 |
|
RHSA-2017:3471 |
|
RHSA-2017:3470 |
|
RHSA-2017:3466 |
|
RHSA-2017:2445 |
|
RHSA-2017:2390 |
|
[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update |
|