CVE-2018-18438
https://notcve.org/view.php?id=CVE-2018-18438
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. Qemu tiene desbordamientos de enteros debido a que IOReadHandler y sus funciones asociadas emplean un tipo de datos de enteros firmados para un valor tamaño. • http://www.openwall.com/lists/oss-security/2018/10/17/3 http://www.securityfocus.com/bid/105953 https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html • CWE-190: Integer Overflow or Wraparound •
CVE-2018-17963 – QEMU: net: ignore packets with large size
https://notcve.org/view.php?id=CVE-2018-17963
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. qemu_deliver_packet_iov en net/net.c en Qemu acepta tamaños de paquetes mayores a INT_MAX, lo que permite que los atacantes provoquen una denegación de servicio (DoS) o tengan otro tipo de impacto sin especificar. A potential integer overflow issue was found in the networking back-end of QEMU. It could occur while receiving packets, because it accepted packets with large size value. Such overflow could lead to OOB buffer access issue. A user inside guest could use this flaw to crash the QEMU process resulting in DoS. • http://www.openwall.com/lists/oss-security/2018/10/08/1 https://access.redhat.com/errata/RHSA-2019:2166 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html https://usn.ubuntu.com/3826-1 https://www.debian.org/securi • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2018-17205 – openvswitch: Error during bundle commit in ofproto/ofproto.c:ofproto_rule_insert__() allows for crash
https://notcve.org/view.php?id=CVE-2018-17205
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state ! • https://access.redhat.com/errata/RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0081 https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 https://usn.ubuntu.com/3873-1 https://access.redhat.com/security/cve/CVE-2018-17205 https://bugzilla.redhat.com/show_bug.cgi?id=1632525 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2018-17206 – openvswitch: Buffer over-read in lib/ofp-actions.c:decode_bundle()
https://notcve.org/view.php?id=CVE-2018-17206
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. Se ha descubierto un problema en Open vSwitch, en versiones 2.7.x hasta la 2.7.6. La función decode_bundle dentro de lib/ofp-actions.c se ve afectada por un problema de sobrelectura de búfer durante la decodificación de la acción BUNDLE. An issue was discovered in Open vSwitch (OvS) 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2 where the decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. A specially crafted flow update applied using the bundling feature of Open vSwitch could potentially cause a crash leading to a denial of service. • https://access.redhat.com/errata/RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0081 https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://usn.ubuntu.com/3873-1 https://access.redhat.com/security/cve/CVE-2018-17206 https://bugzilla.redhat.com/show_bug.cgi?id=1632528 • CWE-125: Out-of-bounds Read •
CVE-2018-17204 – openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure
https://notcve.org/view.php?id=CVE-2018-17204
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. Se ha descubierto un problema en Open vSwitch (OvS) en versiones 2.7.x hasta la 2.7.6 que afecta a parse_group_prop_ntr_selection_method en lib/ofp-util.c. • https://access.redhat.com/errata/RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0081 https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://usn.ubuntu.com/3873-1 https://access.redhat.com/security/cve/CVE-2018-17204 https://bugzilla.redhat.com/show_bug.cgi?id=1632522 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •