Assertion Failure Vulnerability in QEMU Network Block Device Server
CVE-2020-10761

5MEDIUM

Key Information:

Vendor
Red Hat
Status
Qemu:
Vendor
CVE Published:
9 June 2020

Summary

An assertion failure vulnerability exists in the Network Block Device (NBD) Server in QEMU prior to version 5.0.1. This vulnerability is triggered when an nbd-client sends requests that approach the maximum permitted length. A remote nbd-client could exploit this flaw, resulting in a denial of service by crashing the qemu-nbd server.

Affected Version(s)

QEMU: all QEMU versions before QEMU 5.0.1

References

https://www.openwall.com/lists/oss-security/2020/06/09/1
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.