PT-2019-2784 · Qemu+7 · Qemu+7

William Bowling

·

Publicado

2018-12-18

·

Atualizado

2024-06-15

·

CVE-2019-9824

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions QEMU versions 3.0.0
Description The issue is related to the tcp emu component in the QEMU hardware emulator, specifically in the slirp/tcp subr.c file. It involves the incorrect initialization of data in snprintf calls. Exploitation of this issue may allow an attacker to disclose protected information.
Recommendations For QEMU version 3.0.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Use of Uninitialized Resource

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-19CWE-200CWE-908

Identificadores relacionados

ALSA-2019:3345
ALT-PU-2018-2870
BDU:2019-02736
CESA-2019_1650
CESA-2019_2078
CESA-2019_3345
CVE-2019-9824
DLA-1781-1
DSA-4454-1
DSA-4454-2
OPENSUSE-SU-2019:1405-1
OPENSUSE-SU-2019_1226-1
OPENSUSE-SU-2019_1274-1
OPENSUSE-SU-2019_1405-1
OPENSUSE-SU-2024:11287-1
RHSA-2019:1650
RHSA-2019:2078
RHSA-2019:2425
RHSA-2019:2553
RHSA-2019:3345
RHSA-2019_1650
RHSA-2019_2078
RHSA-2019_3345
RLSA-2019:3345
SUSE-SU-2019:0825-1
SUSE-SU-2019:0827-1
SUSE-SU-2019:0891-1
SUSE-SU-2019:0921-1
SUSE-SU-2019:1238-1
SUSE-SU-2019:1239-1
SUSE-SU-2019:1268-1
SUSE-SU-2019:1269-1
SUSE-SU-2019:1272-1
SUSE-SU-2019:14001-1
SUSE-SU-2019:14011-1
SUSE-SU-2019:14052-1
SUSE-SU-2019:14053-1
SUSE-SU-2019_14001-1
SUSE-SU-2019_14052-1
USN-3978-1

Produtos afetados

Alt Linux
Almalinux
Centos
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu