CVE-2018-20815

EPSS 1.6%
Veröffentlicht 31.05.2019 22:29:00
Zuletzt bearbeitet 21.11.2024 04:02:14
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qemu ≫ Qemu Version3.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.6%	0.809

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://access.redhat.com/errata/RHSA-2019:2553

https://access.redhat.com/errata/RHSA-2019:1968

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/

https://access.redhat.com/errata/RHSA-2019:1667

https://access.redhat.com/errata/RHSA-2019:1723

https://access.redhat.com/errata/RHSA-2019:1743

https://access.redhat.com/errata/RHSA-2019:1881

https://access.redhat.com/errata/RHSA-2019:2507

https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17

https://seclists.org/bugtraq/2019/Aug/41

https://www.debian.org/security/2019/dsa-4506

https://nvd.nist.gov/vuln/detail/CVE-2018-20815

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-20815

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-20815

EUVD