CVE-2018-17963

Опубликовано: 09 окт. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Ссылки

http://www.openwall.com/lists/oss-security/2018/10/08/1
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2166
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2425
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2553
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
Mailing List
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
Mailing List
Patch
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html
Mailing List
Patch
Third Party Advisory
https://usn.ubuntu.com/3826-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4338
Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/10/08/1
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2166
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2425
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2553
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
Mailing List
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
Mailing List
Patch
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html
Mailing List
Patch
Third Party Advisory
https://usn.ubuntu.com/3826-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4338
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Версия до 3.0.0 (включая)

cpe:2.3:a:qemu:qemu:3.1.0:rc0:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:3.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:3.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:3.1.0:rc3:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02211

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2018-17963

CVSS3: 9.8

ubuntu

больше 6 лет назад

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

CVE-2018-17963

CVSS3: 6.5

redhat

около 7 лет назад

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

CVE-2018-17963

CVSS3: 9.8

debian

больше 6 лет назад

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes grea ...

GHSA-8mrp-f43f-c35w

CVSS3: 9.8

github

около 3 лет назад

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

SUSE-SU-2018:3332-1

suse-cvrf

больше 6 лет назад

Security update for xen

EPSS

Процентиль: 84%

0.02211

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190