PT-2018-10175 · Ovirt · Vdsm

Doran Moppert

Published

2018-08-09

Updated

2019-10-09

CVE-2018-10908

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions vdsm versions prior to 4.20.37

Description The issue allows an attacker to cause a denial of service condition by uploading a specially crafted image, which could consume unbounded amounts of memory or CPU time, potentially impacting other users of the host.

Recommendations For versions prior to 4.20.37, update to version 4.20.37 or later to resolve the issue. As a temporary workaround, consider restricting the upload of images to trusted sources until the update is applied.

Fix

RCE

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-770

Related Identifiers

CVE-2018-10908

Affected Products

Vdsm

PT-2018-10175 · Ovirt · Vdsm

CVE-2018-10908

Weakness Enumeration

Related Identifiers

Affected Products

References · 6