CVE-2017-8309
Advisory lineage Upstream: 0 Downstream: 19
Modified
Published: 23 May 2017, 03:56
Last modified:05 Aug 2024, 16:34
Vulnerability Summary
Overall Risk (default)
medium
31/100 CVSS Score
7.8 HIGH
v2.0 (nvd)
EPSS Score
1.11% LOW
1% probability -0.66%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 May 2017, 03:56
Published
Vulnerability first disclosed
05 Aug 2024, 16:34
Last Modified
Vulnerability information updated
Description
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•HIGH•Score: 7.8AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 1.11%• Percentile: 78%
Techniques & Countermeasures
- CWE-772•Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Affected Systems
- debian•debian_linux
8.0
- qemu•qemu
≤ 2.9.1
- redhat•openstack
6.0 | 7.0 | 8 | 9 | 10 | 11