exploitDog

CVE-2018-10908

Published: 08 Aug 2018
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host.

It was found that vdsm would invoke qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host.
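The defect class here is CWE-770 (missing resource limits on a child process). The mitigation the bug title points at is to run qemu-img under prlimit/ulimit so that an image which makes it balloon or spin hurts only that one process, not the host. The following is an added example, not vdsm's code: it shows both a prlimit command-line wrapper and an in-process equivalent that sets RLIMIT_AS and RLIMIT_CPU in the child before exec. The default limits, the `qemu_img_info_limited` helper and the `prlimit_argv` helper are assumptions for illustration; the self-check functions use the Python interpreter as a stand-in workload so the block runs without qemu-img installed (Linux is assumed, since RLIMIT_AS is enforced there).

```python
import resource
import subprocess
import sys

# Constructed defaults (assumptions, not vdsm's values): the address-space cap
# must leave room for legitimate qemu-img work on real images, while a crafted
# image that makes qemu-img balloon is cut off long before it starves the host.
DEFAULT_MEM_BYTES = 1024 * 1024 * 1024   # 1 GiB of virtual address space
DEFAULT_CPU_SECONDS = 30                 # CPU time, not wall-clock time
PYTHON = sys.executable                  # stand-in "untrusted" workload for the self-checks


def prlimit_argv(argv, mem_bytes=DEFAULT_MEM_BYTES, cpu_seconds=DEFAULT_CPU_SECONDS):
    """Wrap argv in util-linux prlimit so the limits apply only to the child.

    Same effect as 'ulimit -v' / 'ulimit -t' in a wrapper shell, without a shell.
    """
    return ["prlimit", "--as=%d" % mem_bytes, "--cpu=%d" % cpu_seconds, "--"] + list(argv)


def _apply_limits(mem_bytes, cpu_seconds):
    """Runs in the child between fork() and exec(): hard-cap address space and CPU."""
    resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))


def run_limited(argv, mem_bytes=DEFAULT_MEM_BYTES, cpu_seconds=DEFAULT_CPU_SECONDS,
                wall_timeout=None):
    """Run argv under RLIMIT_AS / RLIMIT_CPU. Returns (returncode, stdout, stderr).

    returncode is None when the wall-clock timeout fired (the child is killed);
    a negative value means the kernel killed the child with that signal
    (SIGXCPU once the CPU limit is exhausted).
    """
    try:
        proc = subprocess.run(
            argv, capture_output=True, timeout=wall_timeout,
            preexec_fn=lambda: _apply_limits(mem_bytes, cpu_seconds),
        )
    except subprocess.TimeoutExpired:
        return None, b"", b"wall-clock timeout"
    return proc.returncode, proc.stdout, proc.stderr


def qemu_img_info_limited(image_path, fmt, **limits):
    """Hypothetical helper: inspect an uploaded image, but under resource limits.

    The format the caller declared is passed with -f so qemu-img does not probe
    the untrusted file for it; 'info --output=json' is a real qemu-img invocation.
    """
    return run_limited(["qemu-img", "info", "-f", fmt, "--output=json", image_path], **limits)


# Self-checks: the Python interpreter plays the role of the untrusted child.

def limits_allow_normal_work():
    """True if a well-behaved child still runs to completion under the defaults."""
    rc, out, _ = run_limited([PYTHON, "-c", "print('ok')"], wall_timeout=60)
    return rc == 0 and out.strip() == b"ok"


def memory_limit_enforced(mem_bytes=256 * 1024 * 1024):
    """True if a child that tries to allocate 4 GiB fails under a 256 MiB cap."""
    rc, _, _ = run_limited([PYTHON, "-c", "bytearray(4 * 1024 ** 3)"],
                           mem_bytes=mem_bytes, wall_timeout=60)
    return rc != 0


def cpu_limit_enforced(cpu_seconds=1):
    """True if a spinning child is killed once it has burned cpu_seconds of CPU."""
    rc, _, _ = run_limited([PYTHON, "-c", "while True: pass"],
                           cpu_seconds=cpu_seconds, wall_timeout=30)
    return rc != 0


if __name__ == "__main__":
    print("prlimit form:", " ".join(prlimit_argv(["qemu-img", "info", "-f", "raw", "upload.img"])))
    print("normal work ok:", limits_allow_normal_work())
    print("memory limit enforced:", memory_limit_enforced())
    print("cpu limit enforced:", cpu_limit_enforced())
```

RLIMIT_AS rather than RLIMIT_DATA is used because qemu-img maps image data rather than growing the heap alone; RLIMIT_CPU bounds CPU time only, so a wall-clock timeout is still needed for a child that blocks on I/O.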

Report

Red Hat Enterprise Virtualization 3 is now in Extended Life Phase of the support and maintenance lifecycle. Red Hat Product Security has rated this issue as having a security impact of Moderate, and it is not currently planned to be addressed in future updates of Red Hat Virtualization 3. For additional information, refer to the Red Hat Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/

Affected packages

Platform                                                   Package   State          Advisory          Release
Red Hat Storage 3                                          vdsm      Not affected
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7    vdsm      Fixed          RHEA-2018:2624    04.09.2018


Additional information

Status:

Moderate
Defect:
CWE-20->CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=1605065
vdsm: calls to qemu-img are not protected by prlimit/ulimit

EPSS: 0.0032 (percentile: 55%, Low)

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
nvd
more than 7 years ago

CVSS3: 6.5
debian
more than 7 years ago

CVSS3: 6.3
github
more than 3 years ago
