PT-2018-10134 · Qemu+5 · Qemu+5

Arash Tc

Published

2018-10-16

Updated

2024-06-15

CVE-2018-10839

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Qemu emulator version 3.0.0 and earlier

Description The issue is related to an integer overflow that could lead to a buffer overflow problem. This occurs when receiving packets over the network, specifically with the NE2000 NIC emulation support. A user inside the guest could exploit this flaw to crash the Qemu process, resulting in a denial of service (DoS).

Recommendations For Qemu emulator version 3.0.0 and earlier, consider disabling the NE2000 NIC emulation support as a temporary workaround until a patch is available. Restrict access to the network to minimize the risk of exploitation.

Exploit

Fix

DoS

Stack Overflow

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-190

Related Identifiers

ALT-PU-2018-2870

CESA-2019_2892

CVE-2018-10839

DLA-1599-1

DSA-4338-1

OPENSUSE-SU-2018_4004-1

OPENSUSE-SU-2018_4147-1

OPENSUSE-SU-2024:11287-1

RHSA-2019:2892

RHSA-2019_2892

SUSE-SU-2018:3912-1

SUSE-SU-2018:3927-1

SUSE-SU-2018:3973-1

SUSE-SU-2018:3973-2

SUSE-SU-2018:3975-1

SUSE-SU-2018:3987-1

SUSE-SU-2018:4129-1

SUSE-SU-2018:4185-1

SUSE-SU-2018:4237-1

SUSE-SU-2018_3912-1

SUSE-SU-2018_3927-1

SUSE-SU-2018_3973-1

SUSE-SU-2018_3973-2

SUSE-SU-2018_3975-1

SUSE-SU-2018_3987-1

SUSE-SU-2018_4129-1

SUSE-SU-2018_4185-1

SUSE-SU-2018_4237-1

SUSE-SU-2019:0825-1

SUSE-SU-2019:0827-1

SUSE-SU-2019:13921-1

SUSE-SU-2019:14011-1

USN-3826-1

Affected Products

Alt Linux

Centos

Qemu

Red Hat

Suse

Ubuntu

PT-2018-10134 · Qemu+5 · Qemu+5

CVE-2018-10839

Weakness Enumeration

Related Identifiers

Affected Products

References · 363