5 matches found
The vulnerability of the qmp_guest_file_read function in the QEMU hardware emulation software, related to integer overflow, allows a hacker to cause a service failure.
The vulnerability of the qmpguestfileread function in the QEMU hardware emulation software is related to integer overflow. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a specially crafted QMP agent command through the listening socket...
SUSE-SU-2018:2679-1 Security update for qemu
This update for qemu fixes the following issues: This security issue was fixed: - CVE-2018-12617: qmpguestfileread had an integer overflow that could have been exploited by sending a crafted QMP command including guest-file-read with a large count value to the agent via the listening socket causi...
QEMU integer overflow vulnerability (CNVD-2018-11977)
QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. An integer overflow vulnerability exists in the qmpguestfileread routine in the qga/commands-posix.c and qga/commands-win32.c files of qemu-ga...
DEBIAN-CVE-2018-12617
qmpguestfileread in qga/commands-posix.c and qga/commands-win32.c in qemu-ga aka QEMU Guest Agent in QEMU 2.12.50 has an integer overflow causing a gmalloc0 call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted Q...
DEBIAN-CVE-2018-10472
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users in certain configurations to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot...