High severity8.1NVD Advisory· Published Oct 31, 2017· Updated Jun 17, 2026
CVE-2017-1000256
CVE-2017-1000256
Description
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords5 versionspkg:rpm/opensuse/libvirt&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 7.7.0-2.1+ 4 more
- (no CPE)range: < 7.7.0-2.1
- (no CPE)range: < 3.3.0-5.8.1
- (no CPE)range: < 3.3.0-5.8.1
- (no CPE)range: < 3.3.0-5.8.1
- (no CPE)range: < 3.3.0-5.8.1
Patches
Vulnerability mechanics
References
4- www.debian.org/security/2017/dsa-4003nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2017-1000256nvdIssue TrackingVendor Advisory
- www.redhat.com/archives/libvirt-announce/2017-October/msg00001.htmlnvdIssue TrackingVendor Advisory
- www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.htmlnvd
News mentions
0No linked articles in our index yet.