Vulnerability Details : CVE-2018-18438
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
Vulnerability category: Overflow
Products affected by CVE-2018-18438
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-18438
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-18438
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2018-18438
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-18438
-
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
[Qemu-devel] [PATCH v2 00/11] chardev: Convert IO handlers to use unsignMailing List;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/105953
QEMU CVE-2018-18438 Local Integer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2018/10/17/3
oss-security - CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruptionMailing List;Third Party Advisory
-
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html
[Qemu-devel] [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned tyThird Party Advisory;Mailing List;Patch
Jump to