CVE-2018-5748

NameCVE-2018-5748
Descriptionqemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1315-1
NVD severitymedium (attack range: remote)
Debian Bugs887700

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libvirt (PTS)jessie (security), jessie1.2.9-9+deb8u5fixed
stretch (security), stretch3.0.0-4+deb9u3fixed
buster, sid4.7.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libvirtsource(unstable)4.0.0-1medium887700
libvirtsourcejessie1.2.9-9+deb8u5medium
libvirtsourcestretch3.0.0-4+deb9u2medium
libvirtsourcewheezy0.9.12.3-1+deb7u3mediumDLA-1315-1

Notes

https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276

Search for package or bug name: Reporting problems