ID CVE-2018-10908
Summary It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908
misc
Last major update 09-08-2018 - 15:29
Published 09-08-2018 - 15:29
Last modified 09-08-2018 - 15:29
Back to Top