7.8

CVE-2019-13164

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version3.1
QemuQemu Version4.0.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
OpensuseLeap Version15.0
OpensuseLeap Version15.1
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
CanonicalUbuntu Linux Version19.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.402
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4191-1/
Third Party Advisory
https://usn.ubuntu.com/4191-2/
Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/41
Third Party Advisory
Mailing List
https://www.debian.org/security/2019/dsa-4506
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/02/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/109054
Broken Link
https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086
Patch
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00145.html
Patch
Vendor Advisory
Mailing List
https://seclists.org/bugtraq/2019/Sep/3
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202003-66
Third Party Advisory
https://www.debian.org/security/2019/dsa-4512
Third Party Advisory