PublicDateAtUSN: 2018-01-25
Candidate: CVE-2018-5748
PublicDate: 2018-01-25 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5748
 https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
 https://ubuntu.com/security/notices/USN-3576-1
Description:
 qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of
 service (memory consumption) via a large QEMU reply.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700
Priority: low
Discovered-by: Daniel P. Berrange and Peter Krempa
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libvirt:
 upstream: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
upstream_libvirt: needs-triage
precise/esm_libvirt: ignored (end of ESM support, was needed)
trusty_libvirt: released (1.2.2-0ubuntu13.1.26)
trusty/esm_libvirt: released (1.2.2-0ubuntu13.1.26)
xenial_libvirt: released (1.3.1-1ubuntu10.19)
esm-infra/xenial_libvirt: released (1.3.1-1ubuntu10.19)
artful_libvirt: released (3.6.0-1ubuntu6.3)
bionic_libvirt: not-affected (4.0.0-1ubuntu2)
cosmic_libvirt: not-affected (4.0.0-1ubuntu2)
disco_libvirt: not-affected (4.0.0-1ubuntu2)
eoan_libvirt: not-affected (4.0.0-1ubuntu2)
focal_libvirt: not-affected (4.0.0-1ubuntu2)
groovy_libvirt: not-affected (4.0.0-1ubuntu2)
hirsute_libvirt: not-affected (4.0.0-1ubuntu2)
devel_libvirt: not-affected (4.0.0-1ubuntu2)