CVE-2018-19665

Опубликовано: 06 дек. 2018

Источник: debian

EPSS Низкий

Описание

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

Пакет	Статус	Версия исправления	Релиз	Тип
qemu	fixed	1:3.1+dfsg-2		package
qemu	ignored		stretch	package
qemu	ignored		jessie	package
qemu-kvm	removed			package

initial patch disputed
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03822.html
second patch never accepted, no activity as of 20190909
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg07426.html
https://github.com/qemu/qemu/commit/c0188e69d (bluetooth subsystem deprecated in 3.1)
https://github.com/qemu/qemu/commit/1d4ffe8dc (bluetooth subsystem removed in 5.0)

EPSS

Процентиль: 78%

0.01193

Низкий

CVE-2018-19665

CVSS3: 5.7

ubuntu

больше 6 лет назад

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

CVE-2018-19665

CVSS3: 6.4

redhat

больше 6 лет назад

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

CVE-2018-19665

CVSS3: 5.7

nvd

больше 6 лет назад

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

CVE-2018-19665

CVSS3: 5.7

msrc

почти 5 лет назад

Описание отсутствует

GHSA-5qrx-9vpc-57pm

CVSS3: 5.7

github

около 3 лет назад

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

EPSS

Процентиль: 78%

0.01193

Низкий