5.5
CVE-2019-9824
- EPSS 0.52%
- Veröffentlicht 03.06.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:22
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.397 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
https://access.redhat.com/errata/RHSA-2019:2425
https://access.redhat.com/errata/RHSA-2019:2553
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/
https://access.redhat.com/errata/RHSA-2019:3345
https://access.redhat.com/errata/RHSA-2019:1650
https://access.redhat.com/errata/RHSA-2019:2078
https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html