CVE-2017-2633

Published: 7/27/2018 Last updated: 8/5/2024 Reserved: 12/1/2016

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	5.4	Medium	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product	Vendor	Version
Qemu:	QEMU	QCN9022

References (18)

http://www.openwall.com/lists/oss-security/2017/02/23/1
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef
https://access.redhat.com/errata/RHSA-2017:1206
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
https://access.redhat.com/errata/RHSA-2017:1441
http://www.securityfocus.com/bid/96417
https://access.redhat.com/errata/RHSA-2017:1856
https://access.redhat.com/errata/RHSA-2017:1205
http://www.openwall.com/lists/oss-security/2017/02/23/1
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef
https://access.redhat.com/errata/RHSA-2017:1206
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
https://access.redhat.com/errata/RHSA-2017:1441
http://www.securityfocus.com/bid/96417
https://access.redhat.com/errata/RHSA-2017:1856
https://access.redhat.com/errata/RHSA-2017:1205