CVE-2020-10761 — Reachable Assertion in Qemu
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 25.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 9
Latest updateMay 24
Description
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:LExploitability: 3.1 | Impact: 1.4
Affected Packages4 packages
Also affects: Ubuntu Linux 16.04, 18.04, 20.04, Enterprise Linux 8.0
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-qm9j-3g67-35f8: An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5↗2022-05-24
OSV▶
CVE-2020-10761: An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5↗2020-06-09
CVEList▶
CVE-2020-10761: An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5↗2020-06-09
📋Vendor Advisories
4Microsoft▶
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the↗2020-06-09
Red Hat
▶
Debian▶
CVE-2020-10761: qemu - An assertion failure issue was found in the Network Block Device(NBD) Server in ...↗2020