PT-2018-3401 · Qemu+3 · Qemu+3

D0Lph1N98

Published

2018-06-13

Updated

2020-11-19

CVE-2018-12617

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: QEMU versions 2.12.50

Description: The issue is related to an integer overflow in the qmp guest file read function, which can cause a segmentation fault when attempting to allocate a large memory chunk. This can be exploited by sending a crafted QMP command, including guest-file-read with a large count value, to the agent via the listening socket.

Recommendations: For QEMU version 2.12.50, as a temporary workaround, consider restricting access to the qmp guest file read function until a patch is available. Avoid using the guest-file-read command with large count values in the affected QMP command until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2018-2161

BDU:2020-00757

CVE-2018-12617

DLA-1694-1

DSA-4454-1

DSA-4454-2

OPENSUSE-SU-2018_2693-1

OPENSUSE-SU-2018_3709-1

SUSE-SU-2018:2037-1

SUSE-SU-2018:2056-1

SUSE-SU-2018:2069-1

SUSE-SU-2018:2528-1

SUSE-SU-2018:2556-1

SUSE-SU-2018:2565-1

SUSE-SU-2018:2615-1

SUSE-SU-2018:2650-1

SUSE-SU-2018:2679-1

SUSE-SU-2018:2973-1

SUSE-SU-2018:2973-2

SUSE-SU-2018:3555-1

SUSE-SU-2018_2679-1

USN-3826-1

Affected Products

Alt Linux

Qemu

Suse

Ubuntu

PT-2018-3401 · Qemu+3 · Qemu+3

CVE-2018-12617

Weakness Enumeration

Related Identifiers

Affected Products

References · 89