CVE-2018-10839 — MEDIUM (6.5)

Q: How severe is CVE-2018-10839?

CVE-2018-10839 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-10839?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qemu	Qemu	<= 3.0.0
Canonical	Ubuntu Linux	14.04
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-121 CWE-190

References

https://access.redhat.com/errata/RHSA-2019:2892
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlThird Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.htmlExploitMailing ListThird Party Advisory
https://usn.ubuntu.com/3826-1/PatchVendor Advisory
https://www.debian.org/security/2018/dsa-4338Vendor Advisory
https://www.openwall.com/lists/oss-security/2018/10/08/1Mailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:2892
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlThird Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.htmlExploitMailing ListThird Party Advisory
https://usn.ubuntu.com/3826-1/PatchVendor Advisory
https://www.debian.org/security/2018/dsa-4338Vendor Advisory
https://www.openwall.com/lists/oss-security/2018/10/08/1Mailing ListThird Party Advisory

FAQ

What is CVE-2018-10839?

CVE-2018-10839 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the netwo...

How severe is CVE-2018-10839?

CVE-2018-10839 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10839?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Canonical Ubuntu Linux, Debian Debian Linux.