Vulnerability Description
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | 3.0.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108434Third Party Advisory
- https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.htmlMailing ListPatchThird Party Advisory
- https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.htmlMailing ListPatchThird Party Advisory
- https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html
- http://www.securityfocus.com/bid/108434Third Party Advisory
- https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.htmlMailing ListPatchThird Party Advisory
- https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.htmlMailing ListPatchThird Party Advisory
- https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html
FAQ
What is CVE-2019-12247?
CVE-2019-12247 is a vulnerability with a CVSS score of 7.5 (HIGH). QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitabl...
How severe is CVE-2019-12247?
CVE-2019-12247 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12247?
Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu.