Lucene search
JskzZDI-18-567HistoryJun 07, 2018 - 12:00 a.m.
Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
2018-06-0700:00:00
jskz
www.zerodayinitiative.com
24
EPSS
0.001
Percentile
31.0%
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Qemu. An attacker must first obtain the ability to execute code on the guest OS in order to exploit this vulnerability. The specific flaw exists within the handling of the slirp networking. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code under the context of current user in the host OS.
Related
redhat
redhat
(RHSA-2018:2822) Important: qemu-kvm-rhev security update
2018-09-27 18:00:00
(RHSA-2018:2762) Important: qemu-kvm-ma security update
2018-09-25 17:29:48
(RHSA-2018:2887) Important: qemu-kvm-rhev security update
2018-10-09 10:53:35
ubuntucve
ubuntucve
CVE-2018-11806
2018-06-13 00:00:00
cvelist
cvelist
CVE-2018-11806
2018-06-13 16:00:00
osv
osv
CVE-2018-11806
2018-06-13 16:29:01
qemu - security update
2019-05-09 00:00:00
qemu - security update
2019-05-30 00:00:00
nessus
nessus
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2822)
2024-04-27 00:00:00
EulerOS Virtualization for ARM 64 3.0.5.0 : qemu-kvm (EulerOS-SA-2020-1091)
2020-01-13 00:00:00
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2887)
2018-10-16 00:00:00
nvd
nvd
CVE-2018-11806
2018-06-13 16:29:01
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:26:12
prion
prion
Heap overflow
2018-06-13 16:29:00
f5
f5
K51428664 : QEMU vulnerability CVE-2018-11806
2020-12-31 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1091)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2018-1314)
2020-01-23 00:00:00
CentOS Update for qemu-img CESA-2018:2462 centos7
2018-08-21 00:00:00
debiancve
debiancve
CVE-2018-11806
2018-06-13 16:29:01
redhatcve
redhatcve
CVE-2018-11806
2019-10-31 22:26:58
cve
cve
CVE-2018-11806
2018-06-13 16:29:01
amazon
amazon
Important: qemu-kvm
2018-09-05 19:33:00
Important: qemu-kvm
2018-09-12 22:19:00
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2018-08-16 00:00:00
qemu-kvm security update
2019-09-24 00:00:00
qemu security update
2018-10-29 00:00:00
centos
centos
qemu security update
2018-08-21 01:08:04
qemu security update
2019-09-27 12:14:41
suse
suse
Security update for qemu (moderate)
2018-08-17 12:15:11
Security update for qemu (moderate)
2018-11-10 00:23:53
Security update for xen (moderate)
2018-08-06 15:12:23
debian
debian
[SECURITY] [DLA 1781-1] qemu security update
2019-05-09 18:42:13
[SECURITY] [DSA 4454-1] qemu security update
2019-05-30 18:06:19
fedora
fedora
[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28
2018-08-24 08:06:03
[SECURITY] Fedora 28 Update: qemu-2.11.2-5.fc28
2019-05-21 01:14:13
[SECURITY] Fedora 27 Update: qemu-2.10.2-1.fc27
2018-08-24 07:15:55
ubuntu
ubuntu
QEMU vulnerabilities
2018-11-26 00:00:00