{"id":"CVE-2024-3567","details":"A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.","modified":"2026-03-15T14:51:24.686643Z","published":"2024-04-10T15:16:05.097Z","related":["openSUSE-SU-2024:13876-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:4492"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-3567"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240822-0007/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274339"},{"type":"REPORT","url":"https://gitlab.com/qemu-project/qemu/-/issues/2273"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qemu/qemu","events":[{"introduced":"7e5a8bb22368b3555644cb2debd3df24592f3a21"},{"fixed":"8216663a5c88968a62f67e4aa80807167efceb8d"},{"introduced":"0"},{"last_affected":"c62d54d0a8067ffb3d5b909276f7296d7df33fa7"},{"introduced":"0"},{"last_affected":"5012e522aca161be5c141596c66e5cc6082538a9"},{"introduced":"0"},{"last_affected":"e5c6528dce86d7a9ada7ecf02fcb7b8560955131"},{"introduced":"0"},{"last_affected":"c25df57ae8f9fe1c72eee2dab37d76d904ac382e"}],"database_specific":{"versions":[{"introduced":"8.1.0"},{"fixed":"8.2.3"},{"introduced":"0"},{"last_affected":"9.0.0-rc0"},{"introduced":"0"},{"last_affected":"9.0.0-rc1"},{"introduced":"0"},{"last_affected":"9.0.0-rc2"},{"introduced":"0"},{"last_affected":"9.0"}]}}],"versions":["v8.1.0","v8.2.0","v8.2.0-rc0","v8.2.0-rc1","v8.2.0-rc2","v8.2.0-rc3","v8.2.0-rc4","v9.0.0-rc0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3567.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}