CVE-2018-17958

Опубликовано: 09 окт. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

Ссылки

http://www.openwall.com/lists/oss-security/2018/10/08/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/105556
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:2425
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2553
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html
Mailing List
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
Mailing List
Patch
Third Party Advisory
https://seclists.org/bugtraq/2019/May/76
Mailing List
Third Party Advisory
https://usn.ubuntu.com/3826-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4454
Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/10/08/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/105556
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:2425
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2553
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html
Mailing List
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
Mailing List
Patch
Third Party Advisory
https://seclists.org/bugtraq/2019/May/76
Mailing List
Third Party Advisory
https://usn.ubuntu.com/3826-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4454
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Версия до 3.0.1 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02975

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2018-17958

CVSS3: 7.5

ubuntu

больше 6 лет назад

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

CVE-2018-17958

CVSS3: 6.5

redhat

больше 6 лет назад

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

CVE-2018-17958

CVSS3: 7.5

debian

больше 6 лет назад

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c b ...

GHSA-r358-8j8x-6jhw

CVSS3: 7.5

github

около 3 лет назад

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

BDU:2020-00756

CVSS3: 7.5

fstec

около 7 лет назад

Уязвимость функции rtl8139_do_receive эмулятора аппаратного обеспечения QEMU, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 86%

0.02975

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190