Описание
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a json:{} value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:9.0.2+ds-4ubuntu2 |
| esm-infra-legacy/trusty | not-affected | code no present |
| esm-infra-legacy/xenial | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | released | 1:4.2-3ubuntu6.30+esm1 |
| esm-infra/xenial | ignored | end of ESM support, was needs-triage |
| focal | ignored | end of standard support, was needs-triage |
| jammy | released | 1:6.2+dfsg-2ubuntu6.27 |
| mantic | ignored | end of life, was needs-triage |
| noble | released | 1:8.2.2+ds-0ubuntu1.10 |
Показывать по
EPSS
7.8 High
CVSS3
Связанные уязвимости
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility (qemu-img) 'info' comm ...
EPSS
7.8 High
CVSS3