CVE-2017-2633 Information

Feb 14, 2021 cve

Description

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the ‘vnc_refresh_server_surface’. A user inside a guest could use this flaw to crash the QEMU process.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.openwall.com/lists/oss-security/2017/02/23/1 http://www.securityfocus.com/bid/96417 https://access.redhat.com/errata/RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1856 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633 https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7 https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5

Share on: