CVE-2018-17962

Опубликовано: 26 сент. 2018

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

An integer overflow issue was found in the AMD PC-Net II NIC emulation in QEMU. It could occur while receiving packets, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process resulting in DoS.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kvm	Not affected
Red Hat Enterprise Linux 7	qemu-kvm	Not affected
Red Hat Enterprise Linux 7	qemu-kvm-ma	Not affected
Red Hat Enterprise Linux 7	qemu-kvm-rhev	Not affected
Red Hat Enterprise Linux 6	qemu-kvm	Fixed	RHSA-2019:2892	24.09.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1636773QEMU: pcnet: integer overflow leads to buffer overflow

EPSS

Процентиль: 71%

0.00711

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2018-17962

CVSS3: 7.5

ubuntu

больше 6 лет назад

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

CVE-2018-17962

CVSS3: 7.5

nvd

больше 6 лет назад

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

CVE-2018-17962

CVSS3: 7.5

debian

больше 6 лет назад

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because ...

GHSA-q23x-9vcw-j6c2

CVSS3: 7.5

github

около 3 лет назад

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

ELSA-2019-2892

oracle-oval

больше 5 лет назад

ELSA-2019-2892: qemu-kvm security update (IMPORTANT)

EPSS

Процентиль: 71%

0.00711

Низкий

6.5 Medium

CVSS3