CVE-2018-5748Uncontrolled Resource Consumption in Redhat Libvirt

CWE-400Uncontrolled Resource Consumption18 documents8 sources
Severity
7.5HIGHNVD
OSV9.8
EPSS
1.5%
top 18.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Redhat LibvirtLibvirtDebian Linux+6 more
Timeline
PublishedJan 25
Latest updateMay 14

Description

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

Debianredhat/libvirt< 4.1.0-1+7
Ubunturedhat/libvirt< 1.2.2-0ubuntu13.1.26+1
NVDredhat/libvirt4.1.0
CVEListV5libvirt/libvirtbefore 4.2.0-rc1

Also affects: Debian Linux 7.0, 8.0, 9.0, Enterprise Linux 7.6, 7.5

Patches

Patch: www.redhat.comPatch: www.redhat.com

🔴Vulnerability Details

7
GHSA
GHSA-r8xf-5287-837j: libvirt version before 42022-05-14
GHSA
GHSA-vgrm-6fx3-7frj: qemu/qemu_monitor2022-05-13
CVEList
CVE-2018-1064: libvirt version before 42018-03-28
OSV
CVE-2018-1064: libvirt version before 42018-03-28
OSV
libvirt vulnerabilities2018-02-20

📋Vendor Advisories

5
Red Hat
libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent2018-03-14
Ubuntu
libvirt vulnerabilities2018-02-20
Red Hat
libvirt: Resource exhaustion via qemuMonitorIORead() method2018-01-16
Debian
CVE-2018-1064: libvirt - libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a res...2018
Debian
CVE-2018-5748: libvirt - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (me...2018

💬Community

4
Bugzilla
CVE-2018-1064 mingw-libvirt: libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent [fedora-all]2018-03-22
Bugzilla
CVE-2018-1064 libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent2018-03-01
Bugzilla
CVE-2018-5748 Libvirt: resource exhaustion via qemuMonitorIORead() method [fedora-all]2018-01-18
Bugzilla
CVE-2018-5748 libvirt: Resource exhaustion via qemuMonitorIORead() method2017-12-21
CVE-2018-5748 — Uncontrolled Resource Consumption | cvebase