CVE-2018-5748

NameCVE-2018-5748
Descriptionqemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1315-1
NVD severitymedium
Debian Bugs887700

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libvirt (PTS)stretch (security), stretch3.0.0-4+deb9u4fixed
buster5.0.0-4+deb10u1fixed
bullseye6.0.0-6fixed
sid6.0.0-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libvirtsource(unstable)4.0.0-1887700
libvirtsourcejessie1.2.9-9+deb8u5
libvirtsourcestretch3.0.0-4+deb9u2
libvirtsourcewheezy0.9.12.3-1+deb7u3DLA-1315-1

Notes

https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276

Search for package or bug name: Reporting problems