CVE-2018-12617
CVE-2018-12617
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/44925/unverifiedexploitdbwww.exploit-db.com/exploits/44925unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6https://lists.debian.org/debian-lts-announce/2019/02/msg00041.htmlhttps://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.htmlhttps://seclists.org/bugtraq/2019/May/76https://usn.ubuntu.com/3826-1/https://www.debian.org/security/2019/dsa-4454https://www.exploit-db.com/exploits/44925/http://www.securityfocus.com/bid/104531