What is CVE-2018-17958?

CVE-2018-17958 is a high-severity software vulnerability (Integer overflow) with a CVSS score of 7.5. Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

Is CVE-2018-17958 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 6%.

What products does CVE-2018-17958 affect?

Tracked products affected include QEMU. Check the version you run to see whether it is affected.

How do I fix CVE-2018-17958?

Apply the vendor fix promptly. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2018-17958

HIGH severity · CVSS 7.5 · Integer overflow

7.5CVSS HIGH

Summary

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactNone

Integrity impactNone

Availability impactHigh

Exploit probability (EPSS)6%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products we track (1)

QEMU

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html ↗

Additional information

NVD record
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.htmlPatch
http://www.openwall.com/lists/oss-security/2018/10/08/1Advisory
http://www.securityfocus.com/bid/105556Advisory
https://access.redhat.com/errata/RHSA-2019:2425Advisory
https://access.redhat.com/errata/RHSA-2019:2553Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00023.htmlAdvisory
https://seclists.org/bugtraq/2019/May/76Advisory
https://usn.ubuntu.com/3826-1/Advisory