CVE-2018-5748

Published: 25/01/2018 Updated: 15/10/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

qemu/qemu_monitor.c in libvirt allows malicious users to cause a denial of service (memory consumption) via a large QEMU reply.

Vulnerable Product

redhat libvirt -

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.5

redhat enterprise linux server 6.0

redhat enterprise linux server 7.0

redhat enterprise linux server eus 7.6

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.6

Vendor Advisories

Debian Bug report logs - #887700 libvirt: CVE-2018-5748: resource exhaustion via qemuMonitorIORead() method. Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 19 Jan 2018 08:0 ...
Several security issues were fixed in libvirt ...
Synopsis: Low: libvirt security update. Type/Severity: Security Advisory: Low. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a det ...
Synopsis: Low: libvirt security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which ...
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Daniel Berrange discovered that the QEMU guest agent performed insufficient validation of incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, resulting in denial of service ...
An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent (CVE-2018-1064). qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply (CVE-2018-5748). An industry-wide issue was found in the way many modern mi ...
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply ...