PT-2018-2213 · Libvirt+6 · Libvirt+6

Denial Berrange

Published

2018-03-14

Updated

2024-06-15

CVE-2018-1064

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 4.2.0-rc1

Description The issue is related to a resource exhaustion problem due to an incomplete fix that affects QEMU monitor and is also triggered via QEMU guest agent. It is associated with an error that leads to excessive memory consumption when handling a large stream of QEMU data. This could allow a remote attacker to cause a denial of service.

Recommendations For libvirt versions prior to 4.2.0-rc1, update to version 4.2.0-rc1 or later to resolve the issue.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-400

Related Identifiers

ALT-PU-2018-1530

BDU:2019-00236

CESA-2018_1396

CESA-2018_1929

CVE-2018-1064

DLA-1315-1

DSA-4137-1

MGASA-2018-0186

OPENSUSE-SU-2018_0939-1

OPENSUSE-SU-2024:11008-1

RHSA-2018:1396

RHSA-2018:1929

RHSA-2018_1396

RHSA-2018_1929

SUSE-SU-2018:0838-1

SUSE-SU-2018:0861-1

SUSE-SU-2018:0920-1

SUSE-SU-2018:1295-1

SUSE-SU-2018:2082-1

SUSE-SU-2018:2141-1

USN-3680-1

Affected Products

Alt Linux

Centos

Qemu

Red Hat

Suse

Ubuntu

Libvirt

PT-2018-2213 · Libvirt+6 · Libvirt+6

CVE-2018-1064

Weakness Enumeration

Related Identifiers

Affected Products

References · 132