CVE-2020-10761
Published: 9 June 2020
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
Notes
Author | Note |
---|---|
mdeslaur | introduced in qemu 4.2 |
Priority
CVSS 3 base score: 5.0
Status
Package | Release | Status |
---|---|---|
qemu Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Released
(1:4.2-3ubuntu6.4)
|
|
precise |
Does not exist
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd |
||
qemu-kvm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|