Main Vulnerability Database Exploits ID:6402 - Exploit for Integer overflow in QEMU - CVE-2018-12617

ID:6402 - Exploit for Integer overflow in QEMU - CVE-2018-12617

Published: June 17, 2021

Vulnerability identifier: #VU14116

Vulnerability risk: Low

CVE-ID: CVE-2018-12617

CWE-ID: CWE-190

Exploitation vector: Remote access

Vulnerable software:
QEMU

Link to public exploit:

https://www.exploit-db.com/exploits/44925/

Vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to integer overflow in qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent). A remote attacker can send a specially crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket, cause a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk and cause the service to crash.

Remediation

Install update from vendor's website.

ID:6402 - Exploit for Integer overflow in QEMU - CVE-2018-12617

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human