CVE-2018-17962

Description

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

How to fix CVE-2018-17962

To remediate CVE-2018-17962, upgrade the affected package to a fixed version below.

• Debian/qemu—upgrade to 1:3.1+dfsg-1 or later

Is CVE-2018-17962 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:3.1+dfsg-1

CVSS scores

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-17962