ByteOS Network

NVD Vulnerability Details :

CVE-2017-2633

Modified

Source-secalert@redhat.com

Published At-27 Jul, 2018 | 19:29

Updated At-07 Nov, 2023 | 02:43

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary	3.0	5.4	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P

Type: Primary

Version: 3.0

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.0

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:N/A:P

CPE Matches

QEMU

>>qemu>>Versions before 1.7.2(exclusive)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>7.0

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>7.4

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.4

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_eus>>7.5

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>7.0

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-125	Primary	nvd@nist.gov
CWE-787	Primary	nvd@nist.gov
CWE-120	Secondary	secalert@redhat.com

CWE ID: CWE-125

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-120

Type: Secondary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
http://www.openwall.com/lists/oss-security/2017/02/23/1	secalert@redhat.com	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/96417	secalert@redhat.com	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1205	secalert@redhat.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1206	secalert@redhat.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1441	secalert@redhat.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1856	secalert@redhat.com	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633	secalert@redhat.com	Issue Tracking Patch Third Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7	secalert@redhat.com	N/A
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef	secalert@redhat.com	N/A