CVE-2018-1064

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
redhatlibvirt
𝑥
≤ 4.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bullseye
7.0.0-3+deb11u3
fixed
bookworm
9.0.0-4+deb12u1
fixed
sid
10.9.0-1
fixed
trixie
10.9.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
Fixed 4.0.0-1ubuntu8.2
released
artful
Fixed 3.6.0-1ubuntu6.8
released
xenial
Fixed 1.3.1-1ubuntu10.24
released
trusty
Fixed 1.2.2-0ubuntu13.1.27
released
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:1396
https://access.redhat.com/errata/RHSA-2018:1929
https://bugzilla.redhat.com/show_bug.cgi?id=1550672
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html
https://usn.ubuntu.com/3680-1/
https://www.debian.org/security/2018/dsa-4137
https://access.redhat.com/errata/RHSA-2018:1396
https://access.redhat.com/errata/RHSA-2018:1929
https://bugzilla.redhat.com/show_bug.cgi?id=1550672
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html
https://usn.ubuntu.com/3680-1/
https://www.debian.org/security/2018/dsa-4137