Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-15118: Stack-based Buffer Overflow in Qemu

Severity: 9.8 CRITICAL (NVD); OSV: 4.4
EPSS: 1.6% (top 18.23%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jul 27; Latest update May 13

Description

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (5 packages)

Source      | Package       | Affected range
NVD         | qemu/qemu     | < 2.11
debian      | debian/qemu   | < qemu 1:2.11+dfsg-1 (bookworm)
Debian      | qemu/qemu     | < 1:2.11+dfsg-1+3
Ubuntu      | qemu/qemu     | < 2.0.0+dfsg-2ubuntu1.39+3
CVEListV5   | qemu/qemu     | 2.11

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.0

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-p8q8-xqgv-rwvr: A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2... (2022-05-13)
OSV: CVE-2017-15118: A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2... (2018-07-27)
OSV: qemu regression (2018-03-05)
OSV: qemu vulnerabilities (2018-02-20)

💥 Exploits & PoCs (1)

Exploit-DB: QEMU - NBD Server Long Export Name Stack Buffer Overflow (2017-11-29)

📋 Vendor Advisories (4)

Ubuntu: QEMU regression (2018-03-05)
Ubuntu: QEMU vulnerabilities (2018-02-20)
Red Hat: Qemu: stack buffer overflow in NBD server triggered via long export name (2017-11-28)
Debian: CVE-2017-15118: qemu - A stack-based buffer overflow vulnerability was found in NBD server implementati... (2017)

💬 Community (3)

Bugzilla: CVE-2017-15118 qemu: Stack-based buffer overflow in NBD server triggered via long export name [fedora-all] (2017-11-28)
Bugzilla: CVE-2017-15118 qemu: stack buffer overflow in NBD server triggered via long export name [epel-7] (2017-11-28)
Bugzilla: CVE-2017-15118 Qemu: stack buffer overflow in NBD server triggered via long export name (2017-11-23)