CVE-2017-13711
Description
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.957
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in QEMU 2.9.0 | Windows |
| qemu security update(DSA-3991-1) qemu_2.8+dfsg-6+deb9u2_i386.deb | Linux |
| Qemu-kvm security update (CESA-2018:0023) qemu-img-1.5.3-156.el7.x86_64.rpm | Linux |
| Qemu-kvm security update (CESA-2018:0023) qemu-kvm-1.5.3-156.el7.x86_64.rpm | Linux |
| Qemu-kvm security update (CESA-2018:0023) qemu-kvm-tools-1.5.3-156.el7.x86_64.rpm | Linux |
| Qemu-kvm security update (CESA-2018:0023) qemu-kvm-common-1.5.3-156.el7.x86_64.rpm | Linux |
| (RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update qemu-img-1.5.3-156.el7.x86_64.rpm | Linux |
| (RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update qemu-kvm-1.5.3-156.el7.x86_64.rpm | Linux |
| (RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update qemu-kvm-common-1.5.3-156.el7.x86_64.rpm | Linux |
| (RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update qemu-kvm-tools-1.5.3-156.el7.x86_64.rpm | Linux |
| Use After Free Vulnerability (CVE-2017-13711) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234