CVEs-PoC/2020/CVE-2020-1711.md

### [CVE-2020-1711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1711)
![](https://img.shields.io/static/v1?label=Product&message=QEMU&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122&color=brighgreen)

### Description

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.

### POC

#### Reference
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711

#### Github
- https://github.com/ARPSyndicate/cvemon