CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-27617

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.7%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

http://www.openwall.com/lists/oss-security/2020/11/02/1
https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html
https://security.netapp.com/advisory/ntap-20201202-0002/
http://www.openwall.com/lists/oss-security/2020/11/02/1
https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html
https://security.netapp.com/advisory/ntap-20201202-0002/

Products affected by CVE-2020-27617

Qemu » Qemu » Version: 4.2.1

cpe:2.3:a:qemu:qemu:4.2.1
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27617

Products

Pricing

Contact Us