QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12617

Published: Jun 21, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update

mailing-list

x_refsource_MLIST

https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html

x_refsource_MISC

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_DEBIAN

20190531 [SECURITY] [DSA 4454-1] qemu security update

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.