CVE-2018-17963

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Link	Resource
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html	Mailing List Patch
http://www.openwall.com/lists/oss-security/2018/10/08/1	Mailing List Third Party Advisory
https://www.debian.org/security/2018/dsa-4338	Third Party Advisory
https://usn.ubuntu.com/3826-1/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2166	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2425	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2553	Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html	Mailing List Patch

Configuration 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* cpe:2.3:a:qemu:qemu:3.1.0:rc1:*:*:*:*:*:* cpe:2.3:a:qemu:qemu:3.1.0:rc2:*:*:*:*:*:* cpe:2.3:a:qemu:qemu:3.1.0:rc0:*:*:*:*:*:* cpe:2.3:a:qemu:qemu:3.1.0:rc3:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

---

Published : 2018-10-09 10:29

Updated : 2021-08-04 05:14

---

NVD link : CVE-2018-17963

Mitre link : CVE-2018-17963

No products.

CWE-190