Showing 1 - 3 of 3

CVE-2018-12617

Status Candidate

Overview

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

Related Files

Debian Security Advisory 4454-1: Posted May 31, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4454-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure.; tags | advisory, denial of service, arbitrary, info disclosure; systems | linux, debian; advisories | CVE-2018-11806, CVE-2018-12617, CVE-2018-16872, CVE-2018-17958, CVE-2018-18849, CVE-2018-18954, CVE-2018-19364, CVE-2018-19489, CVE-2019-12155, CVE-2019-3812, CVE-2019-6778, CVE-2019-9824; SHA-256 | cba000ba6722bbd7ea6515d914172a949427ee73bb4a672c4b7065b7f6df2144; Download | Favorite | View

Ubuntu Security Notice USN-3826-1: Posted Nov 26, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3826-1 - Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2018-10839, CVE-2018-11806, CVE-2018-12617, CVE-2018-16847, CVE-2018-17958, CVE-2018-17962, CVE-2018-17963, CVE-2018-18849, CVE-2018-18954, CVE-2018-19364; SHA-256 | 4e4c876bb878a34b2dd16b55e3b1d2a08ed115428511e04586ecb54058caa47b; Download | Favorite | View

QEMU Guest Agent 2.12.50 Denial Of Service: Posted Jun 22, 2018; Authored by Fakhri Zulkifli; QEMU Guest Agent version 2.12.50 suffers from a denial of service vulnerability.; tags | exploit, denial of service; advisories | CVE-2018-12617; SHA-256 | 7ca46842a4552a3f52d42e40ba042adc118e1f7768b7b449703c7f601f35f8df; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2018-12617

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems