CVE-2017-2633 — Classic Buffer Overflow in Qemu

CWE-120 — Classic Buffer Overflow CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write9 documents8 sources

Severity

6.5MEDIUMNVD

CNA5.4

EPSS

0.6%

top 31.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +3 more

Timeline

PublishedJul 27

Latest updateMay 13

Description

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDqemu/qemu< 1.7.2

▶Debianqemu/qemu< 2.1+dfsg-1+3

▶CVEListV5qemu/qemu1.7.2

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

Also affects: Enterprise Linux 7.4, 7.5

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-c46f-47cq-c2fg: An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1↗2022-05-13

▶

OSV

CVE-2017-2633: An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1↗2018-07-27

▶

CVEList

CVE-2017-2633: An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1↗2018-07-27

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2017-04-20

▶

Debian

CVE-2017-2633: qemu - An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1...↗2017

▶

Red Hat

Qemu: VNC: memory corruption due to unchecked resolution limit↗2016-12-01

▶

💬Community

Bugzilla

CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit↗2017-02-22

▶

Bugzilla

CVE-2017-2633 qemu-kvm coredump in vnc_refresh_server_surface [rhel-6.9.z]↗2016-12-01

▶