CVE-2018-5748

NameCVE-2018-5748
Descriptionqemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1315-1
Debian Bugs887700

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libvirt (PTS)buster5.0.0-4+deb10u1fixed
bullseye7.0.0-3+deb11u2fixed
bookworm9.0.0-4fixed
trixie, sid9.7.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libvirtsourcewheezy0.9.12.3-1+deb7u3DLA-1315-1
libvirtsourcejessie1.2.9-9+deb8u5
libvirtsourcestretch3.0.0-4+deb9u2
libvirtsource(unstable)4.0.0-1887700

Notes

https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
Search for package or bug name: Reporting problems