CVE-2019-9824LOW
Description
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
References
https://access.redhat.com/errata/RHSA-2019:1650
https://access.redhat.com/errata/RHSA-2019:2078
https://access.redhat.com/errata/RHSA-2019:2425
https://access.redhat.com/errata/RHSA-2019:2553
https://access.redhat.com/errata/RHSA-2019:3345
https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html
Details
Source: MITRE
Published: 2019-06-03
Updated: 2020-08-24
Type: CWE-908
Risk Information
CVSS v2.0
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
CVSS v3.0
Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145576 | CentOS 8 : virt:rhel (CESA-2019:3345) | Nessus | CentOS Local Security Checks | medium |
| 144528 | Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2019-1650) | Nessus | Virtuozzo Local Security Checks | low |
| 139088 | Amazon Linux AMI : qemu-kvm (ALAS-2020-1408) | Nessus | Amazon Linux Local Security Checks | medium |
| 138856 | Amazon Linux 2 : qemu (ALAS-2020-1467) | Nessus | Amazon Linux Local Security Checks | medium |
| 138642 | Amazon Linux AMI : qemu-kvm (ALAS-2020-1400) | Nessus | Amazon Linux Local Security Checks | medium |
| 138009 | EulerOS Virtualization 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1790) | Nessus | Huawei Local Security Checks | high |
| 130717 | EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2019-2255) | Nessus | Huawei Local Security Checks | low |
| 130689 | EulerOS 2.0 SP5 : qemu-kvm (EulerOS-SA-2019-2227) | Nessus | Huawei Local Security Checks | critical |
| 130529 | RHEL 8 : virt:rhel (RHSA-2019:3345) | Nessus | Red Hat Local Security Checks | medium |
| 128688 | NewStart CGSL MAIN 4.06 : qemu-kvm Vulnerability (NS-SA-2019-0176) | Nessus | NewStart CGSL Local Security Checks | low |
| 128348 | CentOS 7 : qemu-kvm (CESA-2019:2078) | Nessus | CentOS Local Security Checks | low |
| 128257 | Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | low |
| 128205 | RHEL 7 : Virtualization Manager (RHSA-2019:2553) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Red Hat Local Security Checks | high |
| 127667 | RHEL 7 : qemu-kvm (RHSA-2019:2078) | Nessus | Red Hat Local Security Checks | low |
| 127457 | NewStart CGSL MAIN 4.05 : qemu-kvm Vulnerability (NS-SA-2019-0168) | Nessus | NewStart CGSL Local Security Checks | low |
| 126960 | Amazon Linux 2 : qemu (ALAS-2019-1248) | Nessus | Amazon Linux Local Security Checks | high |
| 126530 | Fedora 30 : 2:qemu (2019-52a8f5468e) | Nessus | Fedora Local Security Checks | high |
| 126479 | CentOS 6 : qemu-kvm (CESA-2019:1650) | Nessus | CentOS Local Security Checks | low |
| 126455 | Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20190702) | Nessus | Scientific Linux Local Security Checks | low |
| 126452 | RHEL 6 : qemu-kvm (RHSA-2019:1650) | Nessus | Red Hat Local Security Checks | low |
| 126450 | Oracle Linux 6 : qemu-kvm (ELSA-2019-1650) | Nessus | Oracle Linux Local Security Checks | low |
| 125609 | Debian DSA-4454-1 : qemu - security update | Nessus | Debian Local Security Checks | high |
| 125302 | openSUSE Security Update : qemu (openSUSE-2019-1405) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 125284 | SUSE SLES11 Security Update : kvm (SUSE-SU-2019:14052-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 125249 | SUSE SLES12 Security Update : qemu (SUSE-SU-2019:1272-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 125248 | SUSE SLES12 Security Update : qemu (SUSE-SU-2019:1269-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 125247 | SUSE SLES12 Security Update : qemu (SUSE-SU-2019:1268-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 125137 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : QEMU update (USN-3978-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
| 124720 | Debian DLA-1781-1 : qemu security update | Nessus | Debian Local Security Checks | high |
| 124311 | openSUSE Security Update : qemu (openSUSE-2019-1274) | Nessus | SuSE Local Security Checks | high |
| 124289 | GLSA-201904-25 : QEMU: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 124147 | openSUSE Security Update : xen (openSUSE-2019-1226) | Nessus | SuSE Local Security Checks | high |
| 123993 | SUSE SLES12 Security Update : xen (SUSE-SU-2019:0921-1) | Nessus | SuSE Local Security Checks | medium |
| 123825 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:0891-1) | Nessus | SuSE Local Security Checks | medium |
| 123637 | SUSE SLES11 Security Update : xen (SUSE-SU-2019:14001-1) | Nessus | SuSE Local Security Checks | medium |
| 123634 | SUSE SLES12 Security Update : xen (SUSE-SU-2019:0827-1) | Nessus | SuSE Local Security Checks | high |
| 123633 | SUSE SLES12 Security Update : xen (SUSE-SU-2019:0825-1) | Nessus | SuSE Local Security Checks | high |