Lucene search

Ubuntu.comUB:CVE-2018-18438

HistoryOct 19, 2018 - 12:00 a.m.

CVE-2018-18438

2018-10-1900:00:00

ubuntu.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

23.9%

JSON

Qemu has integer overflows because IOReadHandler and its associated
functions use a signed integer data type for a size value.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=1609015>

Notes

Author	Note
mdeslaur	as of 2020-05-13, proposed fix not commited
sbeattie	Red Hat asserts that they have audited the code in question and that no code paths can lead to an integer overflow.
mdeslaur	marking as not-affected, as there is no indication this leads to a security issue.

References

launchpad.net/bugs/cve/CVE-2018-18438

nvd.nist.gov/vuln/detail/CVE-2018-18438

security-tracker.debian.org/tracker/CVE-2018-18438

www.cve.org/CVERecord?id=CVE-2018-18438

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

23.9%

JSON

Related for UB:CVE-2018-18438