Lucene search

[email protected]CVE-2017-2633

HistoryJul 27, 2018 - 7:29 p.m.

CVE-2017-2633

2018-07-2719:29:00

CWE-787

CWE-120

CWE-125

[email protected]

web.nvd.nist.gov

cve-2017-2633

quick emulator

qemu

memory access issue

vnc

display driver

security vulnerability

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the ‘vnc_refresh_server_surface’. A user inside a guest could use this flaw to crash the QEMU process.

Affected configurations

Vulners

NVD

Node

qemuqemuRange≤1.7.2

VendorProductVersionCPE
qemuqemu*cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qemu	qemu	*	cpe:2.3:a:qemu:qemu::::::::

CNA Affected

[
  {
    "product": "Qemu:",
    "vendor": "QEMU",
    "versions": [
      {
        "status": "affected",
        "version": "1.7.2"
      }
    ]
  }
]