6.8

CVE-2020-7039

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libslirp ProjectLibslirp Version4.1.0
QemuQemu Version4.2.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
OpensuseLeap Version15.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.57% 0.879
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.6 2.2 3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0775
Third Party Advisory
https://seclists.org/bugtraq/2020/Feb/0
Third Party Advisory
Mailing List
https://www.debian.org/security/2020/dsa-4616
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/01/16/2
Patch
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2020:0348
Third Party Advisory
https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
Patch
Third Party Advisory
https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
Patch
Third Party Advisory
https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202005-02
Third Party Advisory
https://usn.ubuntu.com/4283-1/
Third Party Advisory