CVE-2018-1064

Advisory lineage Upstream: 0 Downstream: 15

Downstream

DEBIAN-CVE-2018-1064 DLA-1315-1 DSA-4137-1 MGASA-2018-0186 OPENSUSE-SU-2024:11008-1 RHSA-2018:1396

Modified

Published: 28 Mar 2018, 18:00

Last modified:17 Sept 2024, 01:51

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.0 (nvd)

EPSS Score

1.42% LOW

1% probability +0.13%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 Mar 2018, 18:00

Published

Vulnerability first disclosed

17 Sept 2024, 01:51

Last Modified

Vulnerability information updated

Description

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

CVSS Metrics

v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 1.42%• Percentile: 81%

Techniques & Countermeasures

CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

debian•debian_linux
7.0 | 8.0 | 9.0
libvirt•libvirt
< 4.2.0-rc1
redhat•libvirt
≤ 4.1.0