
CVE-2018-10908

Published: 09/08/2018 Updated: 09/10/2019
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.3 | Impact Score: 4 | Exploitability Score: 1.8
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host.
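One way to bound a helper process that parses untrusted images, shown as an added example (this is not vdsm's code and not its actual fix). The 30-second CPU cap, the 1 GiB address-space cap, the function names and the use of `qemu-img info --output=json` as the invocation are assumptions; it relies on Linux rlimit behaviour.

```python
import json
import resource
import signal
import subprocess

CPU_SECONDS = 30            # assumed cap, tune per deployment
ADDRESS_SPACE = 1 << 30     # assumed cap: 1 GiB of virtual memory


def _cap(res, value):
    """Set soft and hard limit, never above the inherited hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_limited(argv, cpu_seconds=CPU_SECONDS, address_space=ADDRESS_SPACE,
                wall_timeout=60):
    """Run argv under rlimits; return (status, stdout_bytes)."""
    def limits():  # runs in the child between fork() and exec()
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        _cap(resource.RLIMIT_AS, address_space)

    try:
        proc = subprocess.run(argv, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, preexec_fn=limits,
                              timeout=wall_timeout)
    except subprocess.TimeoutExpired:
        # Backstop for a child that blocks without burning CPU time.
        return "wall_timeout", b""
    # RLIMIT_CPU ends the child with SIGXCPU, or SIGKILL at the hard limit.
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return "killed", proc.stdout
    # An allocation refused by RLIMIT_AS shows up as a non-zero exit or abort.
    if proc.returncode != 0:
        return "failed", proc.stdout
    return "ok", proc.stdout


def probe_image(path):
    """Inspect an untrusted image; returns parsed metadata or None."""
    status, out = run_limited(["qemu-img", "info", "--output=json", path])
    return json.loads(out) if status == "ok" else None
```

Any status other than `"ok"` should be treated as a rejected upload and logged, since a crafted image is the expected cause of hitting either cap.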

Vulnerable Product

ovirt vdsm

redhat virtualization 4.0

Vendor Advisories

It was found that vdsm would invoke qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host ...