Vulnerabilities > CVE-2020-10761 - Reachable Assertion vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW

Summary

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.

Vulnerable Configurations

Part Description Count
Application
Qemu
329
OS
Redhat
2
OS
Opensuse
1
OS
Canonical
3

Common Weakness Enumeration (CWE)