{"id":"CVE-2018-10908","details":"It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host.","modified":"2026-05-18T05:50:02.037753531Z","published":"2018-08-09T19:29:00.207Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"4.0"}],"vendor_product":"redhat:virtualization","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHEA-2018:2624"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908"},{"type":"FIX","url":"https://gerrit.ovirt.org/#/c/93195/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ovirt/vdsm","events":[{"introduced":"0"},{"fixed":"da028b3404483b64999bce3b0061a1a1d7530d90"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"4.20.37"}],"cpe":"cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["v4.20.36","v4.20.35","v4.20.34","v4.20.33","v4.20.29","v4.20.28","v4.20.27","v4.20.26","v4.20.25","v4.20.24","v4.20.23","v4.20.22","v4.20.21","v4.20.20","v4.20.19","v4.20.18","v4.20.17","v4.20.16","v4.20.15","v4.20.14","v4.20.13","v4.20.12","v4.20.11","v4.20.10","v4.20.9","v4.20.8","v4.20.7","v4.20.6","v4.20.5","v4.20.4","v4.20.3","v4.20.2","v4.20.1","v4.20.0","v4.19.1","v4.18.999","v4.18.1","v4.18.0","v4.17.999","v4.17.2","v4.17.1","v4.17.0","v4.16.0","v4.15.0","v4.14.1","v4.14.0","v4.13.0","v4.12.0","v4.12.0-rc3","v4.12.0-rc2","v4.12.0-rc1","v4.11.0","v4.10.3","v4.10.2","v4.10.1","v4.10.0","v4.9.6","v4.9.4","v4.9.2","v4.9.1","v4.9.0"],"database_specific":{"source":
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10908.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"}]}