CVE-2018-16867
7
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
Summary
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | QEMU: | 3.1.0 | affected |
Weaknesses
- CWE-362: CWE-362
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867
- http://www.securityfocus.com/bid/106195
- https://www.openwall.com/lists/oss-security/2018/12/06/1
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
- https://usn.ubuntu.com/3923-1/
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867
- http://www.securityfocus.com/bid/106195
- https://www.openwall.com/lists/oss-security/2018/12/06/1
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
- https://usn.ubuntu.com/3923-1/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.