CVE-2018-17962

CWE-119Buffer OverflowCWE-190Integer OverflowCWE-121Stack-based Buffer Overflow10 documents8 sources
Severity
7.5HIGH
EPSS
0.3%
top 50.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Canonical Ubuntu LinuxDebian Debian LinuxOracle Linux+3 more
Timeline
PublishedOct 9
Latest updateMay 13

Description

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

Debianqemu< 1:3.1+dfsg-1+3
NVDqemu/qemu2.1.0, 2.12.0, 2.8.0+2
NVDredhat/linux6.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

3
GHSA
GHSA-q23x-9vcw-j6c2: Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet2022-05-13
CVEList
CVE-2018-17962: Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet2018-10-09
OSV
CVE-2018-17962: Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet2018-10-09

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2018-11-26
Red Hat
QEMU: pcnet: integer overflow leads to buffer overflow2018-09-26
Debian
CVE-2018-17962: qemu - Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorre...2018

💬Community

3
Bugzilla
CVE-2018-17962 qemu: pcnet: integer overflow leads to buffer overflow [fedora-all]2018-10-07
Bugzilla
CVE-2018-17962 xen: Qemu: pcnet: integer overflow leads to buffer overflow [fedora-all]2018-10-07
Bugzilla
CVE-2018-17962 QEMU: pcnet: integer overflow leads to buffer overflow2018-10-07