oss-sec mailing list archives
CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
From: P J P <ppandit () redhat com>
Date: Thu, 16 Jan 2020 14:48:39 +0530 (IST)
Hello,A heap buffer overflow issue(s) were found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating IRC and other protocols.
A user/process could use this flaw to crash the Qemu process on the host resulting in DoS or potentially execute arbitrary code with privileges of the QEMU process.
Upstream patch(es): ------------------- -> https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 -> https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 -> https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80Heap overflow in emulating IRC commands (EMU_IRC) was found and reported by Vishnu Dev (CC'd).
'CVE-2020-7039' was assigned via -> https://cveform.mitre.org/ Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Current thread:
- CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() P J P (Jan 16)