Описание
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c i ...
EPSS
7.5 High
CVSS3
5 Medium
CVSS2