CVE-2019-12247

Опубликовано: 22 мая 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable

Ссылки

http://www.securityfocus.com/bid/108434
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.html
Mailing List
Patch
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html
Mailing List
Patch
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html
http://www.securityfocus.com/bid/108434
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.html
Mailing List
Patch
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html
Mailing List
Patch
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qemu:qemu:3.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00528

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2019-12247

CVSS3: 7.5

ubuntu

больше 6 лет назад

CVE-2019-12247

CVSS3: 3.8

redhat

около 7 лет назад

CVE-2019-12247

CVSS3: 7.5

debian

больше 6 лет назад

QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files d ...

GHSA-rpv4-4xh7-p4f6

CVSS3: 7.5

github

больше 3 лет назад

QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables.

EPSS

Процентиль: 67%

0.00528

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190