Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2018-16867

Published: 12/12/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 6 | Exploitability Score: 1.1
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Qemu

Vulnerability Summary

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

qemu qemu 3.1.0

fedoraproject fedora 29

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

Vendor Advisories

Ubuntu Security Notice: qemu vulnerabilities
Several security issues were fixed in QEMU ...
Red Hat: CVE-2018-16867
A flaw was found in QEMU's Media Transfer Protocol (MTP) where a path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtpc due to an improper file name sanitization Reading and writing of arbitrary files is allowed when a guest device is mounted which may lead to a denial of service scenario or possibly lead to code execution on the ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-18438: Integer overflow in ccid_card_vscard_read() allows memory corruption
Debian Bug report logs - #911470 qemu: CVE-2018-18438: Integer overflow in ccid_card_vscard_read() allows memory corruption Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 14:51:02 UTC ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-16867: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)
Debian Bug report logs - #915884 qemu: CVE-2018-16867: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP) Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 7 Dec 2018 ...
Debian CVElist Bug Report Logs: CVE-2018-12617
Debian Bug report logs - #902725 CVE-2018-12617 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 29 Jun 2018 21:09:06 UTC Severity: important Tags: security Found in version qemu/1:212+dfsg-3 Fixed in ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-17958: rtl8139: integer overflow leads to buffer overflow
Debian Bug report logs - #911499 qemu: CVE-2018-17958: rtl8139: integer overflow leads to buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 21:15:01 UTC Severity: import ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb
Debian Bug report logs - #914604 qemu: CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Nov 2018 15:48:01 UTC Severity: i ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-17962: pcnet: integer overflow leads to buffer overflow
Debian Bug report logs - #911468 qemu: CVE-2018-17962: pcnet: integer overflow leads to buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 14:45:03 UTC Severity: grave Tag ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-19489: 9pfs: crash due to race condition in renaming files
Debian Bug report logs - #914727 qemu: CVE-2018-19489: 9pfs: crash due to race condition in renaming files Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 26 Nov 2018 18:21:01 UTC Severity: import ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams
Debian Bug report logs - #901017 qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 8 Jun 2018 03:42:01 UTC ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-10839: integer overflow leads to buffer overflow issue
Debian Bug report logs - #910431 qemu: CVE-2018-10839: integer overflow leads to buffer overflow issue Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 6 Oct 2018 07:42:02 UTC Severity: grave Tags ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads
Debian Bug report logs - #907500 qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 28 Aug 2018 19:57:04 UTC Severity: important ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-18849
Debian Bug report logs - #912535 qemu: CVE-2018-18849 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Nov 2018 07:18:02 UTC Severity: important Tags: patch, security, upstream Found in version ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-17963: net: ignore packets with large size
Debian Bug report logs - #911469 qemu: CVE-2018-17963: net: ignore packets with large size Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 14:45:07 UTC Severity: grave Tags: security, ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-19364: Use-after-free due to race condition while updating fid path
Debian Bug report logs - #914599 qemu: CVE-2018-19364: Use-after-free due to race condition while updating fid path Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Nov 2018 15:09:01 UTC Severit ...

References

CWE-362https://www.openwall.com/lists/oss-security/2018/12/06/1https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867http://www.securityfocus.com/bid/106195https://usn.ubuntu.com/3923-1/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/https://nvd.nist.govhttps://usn.ubuntu.com/3923-1/https://access.redhat.com/security/cve/cve-2018-16867
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook