Your submission was sent successfully! Close

CVE-2019-12247

Published: 22 May 2019

** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic Ignored

cosmic Ignored

disco Ignored

precise Does not exist

trusty Ignored

upstream Needs triage

xenial Ignored

qemu-kvm
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Ignored

trusty Does not exist

upstream Needs triage

xenial Does not exist

Notes

AuthorNote
mdeslaur
upstream says this issue isn't exploitable, so not a security
issue. See:
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html

References

Bugs