Skip to main content

Libslirp CVE-2020-1983

MEDIUM
Use After Free (CWE-416)
2020-04-22 psirt@paloaltonetworks.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 22, 2020 - 20:15 nvd
MEDIUM 6.5

DescriptionNVD

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

AnalysisAI

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Affected products include: Libslirp Project Libslirp, Fedoraproject Fedora, Debian Debian Linux, Opensuse Leap, Canonical Ubuntu Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

CVE-2019-14378 HIGH POC
8.8 Jul 29

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a cas

CVE-2020-29130 MEDIUM POC
4.3 Nov 26

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even i

CVE-2020-7211 HIGH
7.5 Jan 21

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severit

CVE-2019-15890 HIGH
7.5 Sep 06

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Rated high severity (CVSS 7.5), t

CVE-2026-9539 MEDIUM
6.5 Jun 24

Out-of-bounds heap read and integer underflow in libslirp's TCP urgent data handler (sosendoob) exposes gigabytes of hos

CVE-2020-10756 MEDIUM
6.5 Jul 09

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium

CVE-2020-8608 MEDIUM
5.6 Feb 06

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in lat

CVE-2020-7039 MEDIUM
5.6 Jan 16

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands i

CVE-2020-29129 MEDIUM
4.3 Nov 26

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if

CVE-2021-3595 LOW
3.8 Jun 15

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV

CVE-2021-3594 LOW
3.8 Jun 15

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV

CVE-2021-3593 LOW
3.8 Jun 15

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV

Share

CVE-2020-1983 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy