Vulnerability Details : CVE-2018-19665
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
Vulnerability category: OverflowMemory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2018-19665
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-19665
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.7
|
LOW | AV:A/AC:L/Au:S/C:N/I:N/A:P |
5.1
|
2.9
|
NIST |
5.7
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.1
|
3.6
|
NIST |
CWE ids for CVE-2018-19665
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-19665
-
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
[security-announce] openSUSE-SU-2019:1226-1: important: Security updateMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2018/11/29/1
oss-security - CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruptionMailing List;Patch;Third Party Advisory
-
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
[Qemu-devel] [PATCH v2] bt: use size_t type for length parameters insteaMailing List;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/106050
QEMU CVE-2018-19665 Integer Overflow VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2018-19665
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:3.1.0:rc0:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*