CVE-2018-11806

Advisory lineage Upstream: 0 Downstream: 26
Modified
Published: 13 Jun 2018, 16:00
Last modified:05 Aug 2024, 08:17

Vulnerability Summary

Overall Risk (default)
medium
33/100
CVSS Score
8.2 HIGH
v3.1 (nvd)
EPSS Score
0.05% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

13 Jun 2018, 16:00
Published
Vulnerability first disclosed
05 Aug 2024, 08:17
Last Modified
Vulnerability information updated

Description

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

CVSS Metrics

  • v3.1HIGHScore: 8.2CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • v2.0HIGHScore: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.05% Percentile: 17%

Techniques & Countermeasures

  • CWE-787Out-of-bounds Write

    The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • canonicalubuntu_linux

    14.04 | 16.04 | 18.04 | 18.10

  • debiandebian_linux

    8.0 | 9.0

  • qemuqemu

    ≤ 2.12.1

  • redhatenterprise_linux_desktop

    6.0 | 7.0

  • redhatenterprise_linux_eus

    7.5 | 7.6 | 7.7

  • redhatenterprise_linux_server

    6.0 | 7.0

  • redhatenterprise_linux_server_aus

    7.6 | 7.7

  • redhatenterprise_linux_server_tus

    7.6 | 7.7

  • redhatenterprise_linux_workstation

    6.0 | 7.0

  • redhatopenstack

    8 | 9 | 10 | 12 | 13

  • redhatvirtualization

    4.0

References (14)