Lucene search

RedosROS-20240627-05

HistoryJun 27, 2024 - 12:00 a.m.

ROS-20240627-05

2024-06-2700:00:00

redos.red-soft.ru

qemu

hardware emulator

vulnerability

update_sctp_checksum()

denial of service

fragmented packet

reachability

remote attacker

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the update_sctp_checksum() function of the QEMU hardware emulator is related to a reachability assertion when attempting to calculate the checksum of a fragmented packet of small size.
of reachability when attempting to compute the checksum of a fragmented small packet.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64qemu<= 7.2.7-0.15UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	qemu	<= 7.2.7-0.15	UNKNOWN

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for ROS-20240627-05