Vulnerability Details CVE-2018-10908
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 7.1
Products affected by CVE-2018-10908
- cpe:2.3:a:redhat:virtualization:4.0