CVE-2018-12617

Published: 21/06/2018 Updated: 19/11/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

Vulnerable Product

qemu qemu

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Several security issues were fixed in QEMU ...
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure. In addition, this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update shipped in DSA 4447 to x86-based guests. For the stabl ...
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a ...
Debian Bug report logs - #911470 qemu: CVE-2018-18438: Integer overflow in ccid_card_vscard_read() allows memory corruption Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 20 Oct 2018 14:51:02 UTC ...
Debian Bug report logs - #915884 qemu: CVE-2018-16867: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP) Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 7 Dec 2018 ...
Debian Bug report logs - #902725 CVE-2018-12617 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 29 Jun 2018 21:09:06 UTC Severity: important Tags: security Found in version qemu/1:2.12+dfsg-3 Fixed in ...
Debian Bug report logs - #911499 qemu: CVE-2018-17958: rtl8139: integer overflow leads to buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 20 Oct 2018 21:15:01 UTC Severity: import ...
Debian Bug report logs - #914604 qemu: CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 25 Nov 2018 15:48:01 UTC Severity: i ...
Debian Bug report logs - #911468 qemu: CVE-2018-17962: pcnet: integer overflow leads to buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 20 Oct 2018 14:45:03 UTC Severity: grave Tag ...
Debian Bug report logs - #914727 qemu: CVE-2018-19489: 9pfs: crash due to race condition in renaming files Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 26 Nov 2018 18:21:01 UTC Severity: import ...
Debian Bug report logs - #929353 qemu: CVE-2019-12155: qxl: null pointer dereference while releasing spice resources Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 22 May 2019 08:03:02 UTC Sever ...
Debian Bug report logs - #901017 qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 8 Jun 2018 03:42:01 UTC ...
Debian Bug report logs - #910431 qemu: CVE-2018-10839: integer overflow leads to buffer overflow issue Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 6 Oct 2018 07:42:02 UTC Severity: grave Tags ...
Debian Bug report logs - #907500 qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 28 Aug 2018 19:57:04 UTC Severity: important ...
Debian Bug report logs - #912535 qemu: CVE-2018-18849 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 1 Nov 2018 07:18:02 UTC Severity: important Tags: patch, security, upstream Found in version ...
Debian Bug report logs - #911469 qemu: CVE-2018-17963: net: ignore packets with large size Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 20 Oct 2018 14:45:07 UTC Severity: grave Tags: security, ...
Debian Bug report logs - #914599 qemu: CVE-2018-19364: Use-after-free due to race condition while updating fid path Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 25 Nov 2018 15:09:01 UTC Severit ...

Exploits

# Exploit Title: QEMU Guest Agent 2.12.50 - Denial of Service
# Date: 2018-06-07
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: www.qemu.org/
# Software Link: www.qemu.org/download/
# Version: 2.12.50 and earlier
# Tested on: 2.12.50
# CVE : CVE-2018-12617
# QEMU Guest Agent 2.12.50 and earlier has an integer ove ...

QEMU Guest Agent version 2.12.50 suffers from a denial of service vulnerability ...