CVE-2020-10761
Published: 9 June 2020
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
Notes
| Author | Note |
|---|---|
| mdeslaur | introduced in qemu 4.2 |
Priority
Medium
CVSS 3 base score: 5.0
Status
| Package | Release | Status |
|---|---|---|
|
qemu Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Released
(1:4.2-3ubuntu6.4)
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd |
||
|
qemu-kvm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Not vulnerable
(code not present)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|