CVE-2019-12247: Integer Overflow or Wraparound in Qemu

Severity
7.5 HIGH (NVD)
EPSS
0.5%
top 32.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 22
Latest update: May 24

Description

QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: qemu/qemu 3.0.0
debian: debian/qemu

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-rpv4-4xh7-p4f6: QEMU 3 (2022-05-24)
OSV
CVE-2019-12247: QEMU 3 (2019-05-22)

📋 Vendor Advisories (2)

Red Hat
QEMU: qemu-guest-agent: integer overflow while running guest-exec command (2019-01-07)
Debian
CVE-2019-12247: qemu - QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not chec... (2019)

💬 Community (2)

Bugzilla
CVE-2019-12247 qemu: qemu-guest-agent: integer overflow while running guest-exec command [fedora-all] (2019-05-22)
Bugzilla
CVE-2019-12247 QEMU: qemu-guest-agent: integer overflow while running guest-exec command (2019-05-22)