An integer overflow issue was found in the QEMU Guest Agent in QEMU,
while reading the argument list passed to the 'guest-exec' QMP command.
An attacker could exploit this by sending a crafted QMP command to
the agent via a listening socket to trigger the overflow. It may
crash the QEMU guest agent, resulting in DoS.
Name: Guoxiang Niu (huawei.com)
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1712836]
This one turned out to be a non-issue. The number of command-line arguments
is capped by the QMP JSON parser to MAX_TOKEN_COUNT (2ULL << 20). It helps to
avoid the said integer overflow issue.
Closing this as notabug.
Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.
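
The reasoning in the closing comment, as an added example that is not QEMU's code: with the argument count bounded by MAX_TOKEN_COUNT, the size arithmetic for an argument vector stays far below INT_MAX, and a local check makes that bound explicit instead of relying on the parser. The list type, the function names and the argv layout (path, arguments, terminating NULL) are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Cap quoted in the comment above: MAX_TOKEN_COUNT (2ULL << 20). */
#define MAX_TOKEN_COUNT (2ULL << 20)

/* Hypothetical stand-in for a parsed argument list (not QEMU's type). */
struct arg_node {
    const char *value;
    struct arg_node *next;
};

/* Byte size of a NULL-terminated argv holding the path plus nargs
 * arguments. Returns 0 on success, -1 if the slot count would not fit
 * in an int or the byte size would wrap around size_t. */
int argv_alloc_size(unsigned long long nargs, size_t *out_bytes)
{
    if (nargs > (unsigned long long)INT_MAX - 2)
        return -1;
    unsigned long long slots = nargs + 2; /* path + args + NULL */
    if (slots > SIZE_MAX / sizeof(char *))
        return -1;
    *out_bytes = (size_t)slots * sizeof(char *);
    return 0;
}

/* Build argv from the list; refuse lists the size check rejects. */
char **build_argv(const char *path, const struct arg_node *args)
{
    unsigned long long n = 0;
    for (const struct arg_node *a = args; a; a = a->next)
        n++;
    size_t bytes;
    if (argv_alloc_size(n, &bytes) != 0)
        return NULL;
    char **argv = malloc(bytes);
    if (!argv)
        return NULL;
    size_t i = 0;
    argv[i++] = (char *)path;
    for (const struct arg_node *a = args; a; a = a->next)
        argv[i++] = (char *)a->value;
    argv[i] = NULL;
    return argv;
}
```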