CVE-2017-2633

MEDIUM

Qemu < 1.7.2 - Out-of-Bounds Write

Title source: rule
STIX 2.1

Description

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

References (9)

Core 9
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/02/23/1
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1206
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1441
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96417
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1856
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1205

Scores

CVSS v3 5.4
EPSS 0.0056
EPSS Percentile 68.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Details

CWE
CWE-125 CWE-120 CWE-787
Status published
Products (10)
qemu/qemu < 1.7.2
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.4
redhat/enterprise_linux_server_eus 7.4
redhat/enterprise_linux_server_eus 7.5
redhat/enterprise_linux_workstation 6.0
redhat/enterprise_linux_workstation 7.0
Published Jul 27, 2018
Tracked Since Feb 18, 2026