Lucene search
MitreCVELIST:CVE-2018-12617HistoryJun 21, 2018 - 6:00 p.m.
CVE-2018-12617
2018-06-2118:00:00
mitre
www.cve.org
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
References
www.securityfocus.com/bid/104531
gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
lists.debian.org/debian-lts-announce/2019/02/msg00041.html
lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
seclists.org/bugtraq/2019/May/76
usn.ubuntu.com/3826-1/
www.debian.org/security/2019/dsa-4454
www.exploit-db.com/exploits/44925/
Related
cve
cve
CVE-2018-12617
2018-06-21 18:29:00
ubuntucve
ubuntucve
CVE-2018-12617
2018-06-21 00:00:00
veracode
veracode
Integer Overflow
2020-09-21 06:24:34
prion
prion
Integer overflow
2018-06-21 18:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2679-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for qemu (openSUSE-SU-2018:2693-1)
2018-10-26 00:00:00
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-1988)
2020-01-23 00:00:00
zdt
zdt
QEMU Guest Agent 2.12.50 - Denial of Service Vulnerability
2018-06-22 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2018:2679-1)
2019-01-02 00:00:00
openSUSE Security Update : qemu (openSUSE-2019-683)
2019-03-27 00:00:00
openSUSE Security Update : qemu (openSUSE-2018-996)
2018-09-13 00:00:00
redhatcve
redhatcve
CVE-2018-12617
2020-03-17 07:33:51
suse
suse
Security update for qemu (moderate)
2018-09-12 12:07:50
Security update for qemu (moderate)
2018-11-10 00:23:53
nvd
nvd
CVE-2018-12617
2018-06-21 18:29:00
debiancve
debiancve
CVE-2018-12617
2018-06-21 18:29:00
exploitpack
exploitpack
QEMU Guest Agent 2.12.50 - Denial of Service
2018-06-22 00:00:00
packetstorm
packetstorm
QEMU Guest Agent 2.12.50 Denial Of Service
2018-06-22 00:00:00
exploitdb
exploitdb
QEMU Guest Agent 2.12.50 - Denial of Service
2018-06-22 00:00:00
osv
osv
qemu - security update
2019-02-28 00:00:00
qemu - security update
2019-05-30 00:00:00
debian
debian
[SECURITY] [DLA 1694-1] qemu security update
2019-02-28 08:42:29
[SECURITY] [DSA 4454-1] qemu security update
2019-05-30 18:06:19
fedora
fedora
[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28
2018-08-24 08:06:03
[SECURITY] Fedora 28 Update: qemu-2.11.2-5.fc28
2019-05-21 01:14:13
[SECURITY] Fedora 27 Update: qemu-2.10.2-1.fc27
2018-08-24 07:15:55
oraclelinux
oraclelinux
qemu security update
2018-10-29 00:00:00
qemu security update
2018-11-20 00:00:00
qemu security update
2018-11-28 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2018-11-26 00:00:00