{
  "threat_severity" : "Moderate",
  "public_date" : "2018-09-26T00:00:00Z",
  "bugzilla" : {
    "description" : "QEMU: rtl8139: integer overflow leads to buffer overflow",
    "id" : "1636712",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1636712"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-121",
  "details" : [ "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.", "An integer overflow issue was found in the RTL8139 NIC emulation in QEMU. It could occur while receiving packets over the network if the size value is greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario." ],
  "acknowledgement" : "Red Hat would like to thank Arash Tohidi and Daniel Shapira (Twistlock) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 10.0 (Newton)",
    "release_date" : "2019-08-09T00:00:00Z",
    "advisory" : "RHSA-2019:2425",
    "cpe" : "cpe:/a:redhat:openstack:10::el7",
    "package" : "qemu-kvm-rhev-10:2.12.0-33.el7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)",
    "release_date" : "2019-08-09T00:00:00Z",
    "advisory" : "RHSA-2019:2425",
    "cpe" : "cpe:/a:redhat:openstack:13::el7",
    "package" : "qemu-kvm-rhev-10:2.12.0-33.el7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 14.0 (Rocky)",
    "release_date" : "2019-08-09T00:00:00Z",
    "advisory" : "RHSA-2019:2425",
    "cpe" : "cpe:/a:redhat:openstack:14::el7",
    "package" : "qemu-kvm-rhev-10:2.12.0-33.el7"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-22T00:00:00Z",
    "advisory" : "RHSA-2019:2553",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "qemu-kvm-rhev-10:2.12.0-33.el7"
  }, {
    "product_name" : "Red Hat Virtualization Engine 4.3",
    "release_date" : "2019-08-22T00:00:00Z",
    "advisory" : "RHSA-2019:2553",
    "cpe" : "cpe:/a:redhat:rhev_manager:4.3",
    "package" : "qemu-kvm-rhev-10:2.12.0-33.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-ma",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenStack Platform 12 (Pike)",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:12"
  }, {
    "product_name" : "Red Hat OpenStack Platform 8 (Liberty)",
    "fix_state" : "Will not fix",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:8"
  }, {
    "product_name" : "Red Hat OpenStack Platform 9 (Mitaka)",
    "fix_state" : "Will not fix",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-17958\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17958" ],
  "name" : "CVE-2018-17958",
  "csaw" : false
}