#VU16198 Integer overflow in QEMU - CVE-2018-19665

 


Published: November 30, 2018


Vulnerability identifier: #VU16198
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-19665
CWE-ID: CWE-190
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: QEMU
Software vendor: QEMU

Description

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The vulnerability exists due to an integer overflow in various Bluetooth routines in which the 'len' parameter is a 'signed int' that is subsequently converted to an unsigned integer. An adjacent attacker can trigger memory corruption and cause the service to crash.
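The signed-to-unsigned conversion described above, shown as an added example that is not QEMU code: a signed upper-bound check lets a negative 'len' through, and the later conversion to size_t turns it into a very large count. The function names and PKT_MAX are hypothetical, and the hardened variant illustrates the general check, not the vendor's patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT_MAX 64  /* hypothetical buffer size, not a QEMU constant */

/* Weak pattern: a signed upper-bound check lets a negative len through,
 * and the value is then converted to size_t for the copy. Returns the
 * byte count that would reach memcpy(); no copy is performed here. */
static size_t weak_copy_size(int len)
{
    if (len > PKT_MAX)          /* signed compare: -1 passes */
        return 0;
    return (size_t)len;         /* -1 becomes SIZE_MAX */
}

/* Hardened pattern: reject negative values before any conversion, then
 * bound the unsigned length against the destination size. */
static int checked_copy(uint8_t *dst, size_t dst_size,
                        const uint8_t *src, int len)
{
    if (len < 0)
        return -1;
    if ((size_t)len > dst_size)
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

int main(void)
{
    uint8_t src[PKT_MAX] = {0xAA, 0xBB, 0xCC};  /* constructed sample data */
    uint8_t dst[PKT_MAX] = {0};

    printf("weak size for len=-1: %zu\n", weak_copy_size(-1));
    printf("checked len=-1 -> %d\n", checked_copy(dst, sizeof dst, src, -1));
    printf("checked len=3  -> %d\n", checked_copy(dst, sizeof dst, src, 3));
    printf("checked len=65 -> %d\n", checked_copy(dst, sizeof dst, src, 65));
    return 0;
}
```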


Remediation

Install update from vendor's website.
