Libslirp
CVE-2020-10756
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
AnalysisAI
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. Affected products include: Libslirp Project Libslirp, Redhat Openstack, Redhat Enterprise Linux, Canonical Ubuntu Linux, Debian Debian Linux. Version information: before 4.3.1..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets t
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a cas
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even i
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severit
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Rated high severity (CVSS 7.5), t
Out-of-bounds heap read and integer underflow in libslirp's TCP urgent data handler (sosendoob) exposes gigabytes of hos
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in lat
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands i
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today