Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-18438

Опубликовано: 11 окт. 2018
Источник: redhat

Описание

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

Отчет

The maintainer audited the code and determined that no memory corruption is possible using this flaw. Patches were applied upstream to prevent future changes introducing such flaws, but the issues identified by this CVE were determined to not constitute a vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 8qemu-kvmNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 12 (Pike)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 13 (Queens)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 14 (Rocky)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 8 (Liberty)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Дефект:
CWE-190->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1609015Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption

Связанные уязвимости

ubuntu логотип

CVE-2018-18438

CVSS3: 5.5
ubuntu
больше 6 лет назад

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

nvd логотип

CVE-2018-18438

CVSS3: 5.5
nvd
больше 6 лет назад

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

debian логотип

CVE-2018-18438

CVSS3: 5.5
debian
больше 6 лет назад

Qemu has integer overflows because IOReadHandler and its associated fu ...

github логотип

GHSA-5g5x-38wg-3rxr

CVSS3: 5.5
github
около 3 лет назад

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

fstec логотип

BDU:2021-03450

CVSS3: 5.5
fstec
почти 7 лет назад

Уязвимость функции IOReadHandler эмулятора аппаратного обеспечения QEMU, связанная с целочисленным переполнением значения, позволяющая нарушителю вызвать отказ в обслуживании