Note:
This project will be discontinued after December 13, 2021. [more]
2020-06-09
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
| Products | Ubuntu_linux, Leap, Qemu, Enterprise_linux |
| Type | Reachable Assertion (CWE-617) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://www.openwall.com/lists/oss-security/2020/06/09/1
• https://security.gentoo.org/glsa/202011-09 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • https://usn.ubuntu.com/4467-1/ • https://security.netapp.com/advisory/ntap-20200731-0001/ |