
Vulnerability Details CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the iSCSI Block driver in QEMU versions from 2.12.0 up to, but not including, 4.2.1. The flaw is in how the driver handled a response from an iSCSI server while checking the status of a Logical Block Address (LBA) in the iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service, or potentially to execute arbitrary code with the privileges of the QEMU process on the host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.2%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 6.0
Products affected by CVE-2020-1711
  • Qemu » Qemu » Version: 2.12.0
    cpe:2.3:a:qemu:qemu:2.12.0
  • Qemu » Qemu » Version: 2.12.1
    cpe:2.3:a:qemu:qemu:2.12.1
  • Qemu » Qemu » Version: 2.12.50
    cpe:2.3:a:qemu:qemu:2.12.50
  • Qemu » Qemu » Version: 2.17.2
    cpe:2.3:a:qemu:qemu:2.17.2
  • Qemu » Qemu » Version: 3.0.0
    cpe:2.3:a:qemu:qemu:3.0.0
  • Qemu » Qemu » Version: 3.0.1
    cpe:2.3:a:qemu:qemu:3.0.1
  • Qemu » Qemu » Version: 3.1
    cpe:2.3:a:qemu:qemu:3.1
  • Qemu » Qemu » Version: 3.1.0
    cpe:2.3:a:qemu:qemu:3.1.0
  • Qemu » Qemu » Version: 3.1.1
    cpe:2.3:a:qemu:qemu:3.1.1
  • Qemu » Qemu » Version: 3.1.1.1
    cpe:2.3:a:qemu:qemu:3.1.1.1
  • Qemu » Qemu » Version: 3.1.50
    cpe:2.3:a:qemu:qemu:3.1.50
  • Qemu » Qemu » Version: 4.0.0
    cpe:2.3:a:qemu:qemu:4.0.0
  • Qemu » Qemu » Version: 4.0.1
    cpe:2.3:a:qemu:qemu:4.0.1
  • Qemu » Qemu » Version: 4.1.0
    cpe:2.3:a:qemu:qemu:4.1.0
  • Qemu » Qemu » Version: 4.1.1
    cpe:2.3:a:qemu:qemu:4.1.1
  • Qemu » Qemu » Version: 4.2.0
    cpe:2.3:a:qemu:qemu:4.2.0
  • Qemu » Qemu » Version: 4.2.0-34
    cpe:2.3:a:qemu:qemu:4.2.0-34
  • Redhat » Openstack » Version: 10
    cpe:2.3:a:redhat:openstack:10
  • Redhat » Openstack » Version: 13
    cpe:2.3:a:redhat:openstack:13
  • Debian » Debian Linux » Version: 8.0
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian » Debian Linux » Version: 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Opensuse » Leap » Version: 15.1
    cpe:2.3:o:opensuse:leap:15.1
  • Redhat » Enterprise Linux » Version: 7.0
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Redhat » Enterprise Linux » Version: 8.0
    cpe:2.3:o:redhat:enterprise_linux:8.0

