{"id":"CVE-2024-3567","details":"A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.","modified":"2026-03-11T07:51:25.627480748Z","published":"2024-04-10T15:16:05.097Z","related":["SUSE-SU-2025:20011-1","openSUSE-SU-2024:13876-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:4492"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-3567"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240822-0007/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274339"},{"type":"REPORT","url":"https://gitlab.com/qemu-project/qemu/-/issues/2273"},{"type":"EVIDENCE","url":"https://gitlab.com/qemu-project/qemu/-/issues/2273"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qemu/qemu","events":[{"introduced":"7e5a8bb22368b3555644cb2debd3df24592f3a21"},{"fixed":"8216663a5c88968a62f67e4aa80807167efceb8d"}]}],"versions":["v8.1.0","v8.2.0","v8.2.0-rc0","v8.2.0-rc1","v8.2.0-rc2","v8.2.0-rc3","v8.2.0-rc4","v8.2.1","v8.2.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3567.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}