CVE-2018-12617 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-12617 PUBLISHED

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

EPSS 10.99% · 93.4th percentile

Risk Scores

EPSS Score

10.99%

93.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	qemu	1:2.11+dfsg-1ubuntu7.7, 1:2.11+dfsg-1ubuntu7.6, 1:2.11+dfsg-1ubuntu7.5
Ubuntu:14.04:LTS	qemu	1.7.0+dfsg-3ubuntu2, 1.7.0+dfsg-3ubuntu3, 1.7.0+dfsg-3ubuntu4
Ubuntu:16.04:LTS	qemu	1:2.5+dfsg-5ubuntu10.1, 1:2.5+dfsg-5ubuntu10.2, 1:2.5+dfsg-5ubuntu10.3

Timeline

Jun 21, 2018 CVE Published
Jun 22, 2018 PoC Published
Apr 14, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
May 8, 2023 EPSS Score
May 13, 2023 EPSS Score
Jun 15, 2023 EPSS Score
Jul 8, 2023 EPSS Score
Sep 30, 2023 EPSS Score
Nov 12, 2023 EPSS Score
Sep 24, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2018-12617 third-party-advisory
https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6 third-party-advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html third-party-advisory
https://ubuntu.com/security/notices/USN-3826-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2018-12617 third-party-advisory

Open in Interactive Console →