PT-2019-12715 · Qemu+2 · Qemu+2

Prasad J Pandit

·

Published

2018-12-18

·

Updated

2024-08-05

·

CVE-2019-12247

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions QEMU version 3.0.0
Description The issue is related to an Integer Overflow in QEMU 3.0.0, caused by the qga/commands*.c files not checking the length of the argument list or the number of environment variables. However, it has been disputed as not exploitable.
Recommendations For QEMU version 3.0.0, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2018-2870
CVE-2019-12247

Affected Products

Alt Linux
Debian
Qemu