CVE-2020-7039

MEDIUM

Description

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.

References

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html

http://www.openwall.com/lists/oss-security/2020/01/16/2

https://access.redhat.com/errata/RHSA-2020:0348

https://access.redhat.com/errata/RHSA-2020:0775

https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289

https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80

https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9

https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html

https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html

https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html

https://seclists.org/bugtraq/2020/Feb/0

https://security.gentoo.org/glsa/202005-02

https://usn.ubuntu.com/4283-1/

https://www.debian.org/security/2020/dsa-4616

Details

Source: MITRE

Published: 2020-01-16

Updated: 2021-02-14

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.6

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Impact Score: 3.4

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libslirp_project:libslirp:4.1.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:qemu:qemu:4.2.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Tenable Plugins

View all (48 total)

IDNameProductFamilySeverity
147700EulerOS : qemu (EulerOS-SA-2021-1667)NessusHuawei Local Security Checks
medium
147523EulerOS : qemu (EulerOS-SA-2021-1632)NessusHuawei Local Security Checks
medium
147408NewStart CGSL MAIN 4.06 : qemu-kvm Multiple Vulnerabilities (NS-SA-2021-0004)NessusNewStart CGSL Local Security Checks
medium
146372Debian DLA-2551-1 : slirp security updateNessusDebian Local Security Checks
medium
145994CentOS 8 : container-tools:1.0 (CESA-2020:1360)NessusCentOS Local Security Checks
medium
145992CentOS 8 : virt:rhel (CESA-2020:1358)NessusCentOS Local Security Checks
medium
143039RHEL 8 : container-tools:1.0 (RHSA-2020:1360)NessusRed Hat Local Security Checks
medium
142969Ubuntu 16.04 LTS / 18.04 LTS : SLiRP vulnerabilities (USN-4632-1)NessusUbuntu Local Security Checks
medium
140275NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2020-0049)NessusNewStart CGSL Local Security Checks
medium
140033Oracle Linux 8 : container-tools:ol8 (ELSA-2020-0348)NessusOracle Linux Local Security Checks
medium
135664Oracle Linux 8 : virt:ol (ELSA-2020-1358)NessusOracle Linux Local Security Checks
medium
139382RHEL 8 : virt:rhel (RHSA-2020:1358)NessusRed Hat Local Security Checks
medium
139088Amazon Linux AMI : qemu-kvm (ALAS-2020-1408)NessusAmazon Linux Local Security Checks
medium
138642Amazon Linux AMI : qemu-kvm (ALAS-2020-1400)NessusAmazon Linux Local Security Checks
medium
138073RHEL 7 : slirp4netns (RHSA-2020:0889)NessusRed Hat Local Security Checks
medium
137795EulerOS Virtualization for ARM 64 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1688)NessusHuawei Local Security Checks
medium
137758RHEL 7 : qemu-kvm-rhev (RHSA-2020:2730)NessusRed Hat Local Security Checks
medium
137586SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1538-1)NessusSuSE Local Security Checks
medium
137581SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1526-1)NessusSuSE Local Security Checks
medium
137579SUSE SLES15 Security Update : qemu (SUSE-SU-2020:1523-1)NessusSuSE Local Security Checks
medium
137577SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1514-1)NessusSuSE Local Security Checks
medium
137549SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1501-1)NessusSuSE Local Security Checks
medium
137489EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2020-1647)NessusHuawei Local Security Checks
high
136539GLSA-202005-02 : QEMU: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
135559EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-1430)NessusHuawei Local Security Checks
critical
135340CentOS 7 : qemu-kvm (CESA-2020:1116)NessusCentOS Local Security Checks
high
135265openSUSE Security Update : qemu (openSUSE-2020-468)NessusSuSE Local Security Checks
medium
135253RHEL 8 : virt:rhel (RHSA-2020:1344)NessusRed Hat Local Security Checks
medium
135249RHEL 7 : qemu-kvm-ma (RHSA-2020:1352)NessusRed Hat Local Security Checks
medium
135245RHEL 7 : qemu-kvm (RHSA-2020:1351)NessusRed Hat Local Security Checks
medium
135176RHEL 7 : qemu-kvm-rhev (RHSA-2020:1296)NessusRed Hat Local Security Checks
medium
135173RHEL 7 : qemu-kvm-rhev (RHSA-2020:1300)NessusRed Hat Local Security Checks
medium
135169SUSE SLES12 Security Update : qemu (SUSE-SU-2020:0845-1)NessusSuSE Local Security Checks
medium
135168SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2020:0844-1)NessusSuSE Local Security Checks
medium
135051RHEL 7 : qemu-kvm-ma (RHSA-2020:1150)NessusRed Hat Local Security Checks
medium
135036RHEL 7 : qemu-kvm (RHSA-2020:1116)NessusRed Hat Local Security Checks
medium
134898Amazon Linux 2 : qemu (ALAS-2020-1407)NessusAmazon Linux Local Security Checks
medium
134790EulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-1298)NessusHuawei Local Security Checks
medium
134611OracleVM 3.4 : qemu-kvm (OVMSA-2020-0010)NessusOracleVM Local Security Checks
medium
134395Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20200310)NessusScientific Linux Local Security Checks
medium
134393RHEL 6 : qemu-kvm (RHSA-2020:0775)NessusRed Hat Local Security Checks
high
134388Oracle Linux 6 : qemu-kvm (ELSA-2020-0775)NessusOracle Linux Local Security Checks
high
134386CentOS 6 : qemu-kvm (CESA-2020:0775)NessusCentOS Local Security Checks
high
133796Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : QEMU vulnerabilities (USN-4283-1)NessusUbuntu Local Security Checks
medium
133481RHEL 8 : container-tools:rhel8 (RHSA-2020:0348)NessusRed Hat Local Security Checks
high
133419Debian DSA-4616-1 : qemu - security updateNessusDebian Local Security Checks
medium
133366Debian DLA-2090-1 : qemu security updateNessusDebian Local Security Checks
high
133229Debian DLA-2076-1 : slirp security updateNessusDebian Local Security Checks
high