Skip to main content

Libslirp CVE-2020-7039

MEDIUM
Out-of-bounds Write (CWE-787)
2020-01-16 cve@mitre.org
5.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.6 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Jan 16, 2020 - 23:15 nvd
MEDIUM 5.6

DescriptionNVD

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.

AnalysisAI

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. Affected products include: Libslirp Project Libslirp, Qemu, Debian Debian Linux, Opensuse Leap.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2020-1983 MEDIUM POC
6.5 Apr 22

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets t

CVE-2019-14378 HIGH POC
8.8 Jul 29

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a cas

CVE-2020-29130 MEDIUM POC
4.3 Nov 26

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even i

CVE-2020-7211 HIGH
7.5 Jan 21

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severit

CVE-2019-15890 HIGH
7.5 Sep 06

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Rated high severity (CVSS 7.5), t

CVE-2026-9539 MEDIUM
6.5 Jun 24

Out-of-bounds heap read and integer underflow in libslirp's TCP urgent data handler (sosendoob) exposes gigabytes of hos

CVE-2020-10756 MEDIUM
6.5 Jul 09

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium

CVE-2020-8608 MEDIUM
5.6 Feb 06

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in lat

CVE-2020-29129 MEDIUM
4.3 Nov 26

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if

CVE-2021-3595 LOW
3.8 Jun 15

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV

CVE-2021-3594 LOW
3.8 Jun 15

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV

CVE-2021-3593 LOW
3.8 Jun 15

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV

Share

CVE-2020-7039 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy