6.8
CVE-2020-8608
- EPSS 2.49%
- Veröffentlicht 06.02.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:39:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libslirp Project ≫ Libslirp Version4.1.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.49% | 0.825 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://security.gentoo.org/glsa/202003-66
https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html
https://usn.ubuntu.com/4283-1/
https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0
https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html
https://security.netapp.com/advisory/ntap-20201001-0002/
https://www.debian.org/security/2020/dsa-4733
https://www.openwall.com/lists/oss-security/2020/02/06/2