Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-16867

Опубликовано: 12 дек. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.4
CVSS3: 7.8

Описание

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

РелизСтатусПримечание
bionic

not-affected

code not present
cosmic

released

1:2.12+dfsg-3ubuntu8.6
devel

not-affected

1:3.1+dfsg-2ubuntu1
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/xenial

not-affected

code not present
precise/esm

DNE

trusty

not-affected

code not present
trusty/esm

not-affected

code not present
upstream

needs-triage

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

not-affected

code not present
trusty

DNE

trusty/esm

DNE

upstream

needs-triage

xenial

DNE

Показывать по

EPSS

Процентиль: 27%
0.0009
Низкий

4.4 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

CVSS3: 7
redhat
больше 6 лет назад

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

CVSS3: 7.8
nvd
больше 6 лет назад

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

CVSS3: 7.8
debian
больше 6 лет назад

A flaw was found in qemu Media Transfer Protocol (MTP) before version ...

CVSS3: 7.8
github
около 3 лет назад

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

oracle-oval
больше 6 лет назад

ELSA-2018-4313: qemu security update (IMPORTANT)

EPSS

Процентиль: 27%
0.0009
Низкий

4.4 Medium

CVSS2

7.8 High

CVSS3