Your submission was sent successfully! Close

CVE-2020-10761

Published: 9 June 2020

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.

Priority

Medium

CVSS 3 base score: 5.0

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
eoan Ignored
(reached end-of-life)
focal
Released (1:4.2-3ubuntu6.4)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd
qemu-kvm
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Does not exist

focal Does not exist

precise Not vulnerable
(code not present)
trusty Does not exist

upstream Needs triage

xenial Does not exist