CVE-2018-20815

Опубликовано: 31 мая 2019

Источник: debian

EPSS Низкий

Описание

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

Пакет	Статус	Версия исправления	Релиз	Тип
qemu	fixed	1:3.1+dfsg-7		package
qemu-kvm	removed			package

https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17
https://www.openwall.com/lists/oss-security/2019/03/27/1

EPSS

Процентиль: 81%

0.01604

Низкий

CVE-2018-20815

CVSS3: 9.8

ubuntu

около 6 лет назад

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

CVE-2018-20815

CVSS3: 7

redhat

больше 6 лет назад

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

CVE-2018-20815

CVSS3: 9.8

nvd

около 6 лет назад

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

GHSA-4g35-fx39-gwjh

CVSS3: 9.8

github

около 3 лет назад

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

BDU:2019-01871

CVSS3: 7

fstec

больше 6 лет назад

Уязвимость функции load_device_tree эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю выполнять произвольный код

EPSS

Процентиль: 81%

0.01604

Низкий