CVE-2017-15118

HIGH

qemu < 2.11 - Stack-based Buffer Overflow in NBD Server Export Name Handling

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15118. PoCs published by Eric Blake.

AI-analyzed exploit summary: The writeup describes a stack-based buffer overflow in QEMU's NBD server (CVE-2017-15118) due to improper handling of export names longer than 256 bytes. It includes a demonstration command to trigger the crash but does not provide functional exploit code.

Description

A stack-based buffer overflow vulnerability was found in the NBD server implementation in qemu before 2.11. The server allows a client to request an export name of up to 4096 bytes, when the size should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If the NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Eric Blake · text · dos · linux
https://www.exploit-db.com/exploits/43194

Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: QEMU (versions with NBD server, introduced in commit f37708f6b8, 2.10+)
No auth needed
Prerequisites: QEMU NBD server running and accessible · Ability to send crafted NBD requests
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1104
Exploit, Patch, Third Party Advisory x_refsource_misc
https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3575-1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101975
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2017/11/28/8
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43194/

Scores

CVSS v3 8.3
EPSS 0.1193
EPSS Percentile 95.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Details

CWE: CWE-121, CWE-787
Status: published
Products (5)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
qemu/qemu < 2.11
redhat/enterprise_linux 7.0
Published Jul 27, 2018
Tracked Since Feb 18, 2026