CVE-2020-7039

MEDIUM

Description

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.

References

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html

http://www.openwall.com/lists/oss-security/2020/01/16/2

https://access.redhat.com/errata/RHSA-2020:0348

https://access.redhat.com/errata/RHSA-2020:0775

https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289

https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80

https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9

https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html

https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html

https://seclists.org/bugtraq/2020/Feb/0

https://security.gentoo.org/glsa/202005-02

https://usn.ubuntu.com/4283-1/

https://www.debian.org/security/2020/dsa-4616

Details

Source: MITRE

Published: 2020-01-16

Updated: 2020-07-17

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.6

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Impact Score: 3.4

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

View all (42 total)

ID	Name	Product	Family	Severity
143039	RHEL 8 : container-tools:1.0 (RHSA-2020:1360)	Nessus	Red Hat Local Security Checks	medium
142969	Ubuntu 16.04 LTS / 18.04 LTS : SLiRP vulnerabilities (USN-4632-1)	Nessus	Ubuntu Local Security Checks	medium
140275	NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2020-0049)	Nessus	NewStart CGSL Local Security Checks	medium
140033	Oracle Linux 8 : container-tools:ol8 (ELSA-2020-0348)	Nessus	Oracle Linux Local Security Checks	medium
135664	Oracle Linux 8 : virt:ol (ELSA-2020-1358)	Nessus	Oracle Linux Local Security Checks	medium
139382	RHEL 8 : virt:rhel (RHSA-2020:1358)	Nessus	Red Hat Local Security Checks	medium
139088	Amazon Linux AMI : qemu-kvm (ALAS-2020-1408)	Nessus	Amazon Linux Local Security Checks	medium
138642	Amazon Linux AMI : qemu-kvm (ALAS-2020-1400)	Nessus	Amazon Linux Local Security Checks	medium
138073	RHEL 7 : slirp4netns (RHSA-2020:0889)	Nessus	Red Hat Local Security Checks	medium
137795	EulerOS Virtualization for ARM 64 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1688)	Nessus	Huawei Local Security Checks	medium
137758	RHEL 7 : qemu-kvm-rhev (RHSA-2020:2730)	Nessus	Red Hat Local Security Checks	medium
137586	SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1538-1)	Nessus	SuSE Local Security Checks	medium
137581	SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1526-1)	Nessus	SuSE Local Security Checks	medium
137579	SUSE SLES15 Security Update : qemu (SUSE-SU-2020:1523-1)	Nessus	SuSE Local Security Checks	medium
137577	SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1514-1)	Nessus	SuSE Local Security Checks	medium
137549	SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1501-1)	Nessus	SuSE Local Security Checks	medium
137489	EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2020-1647)	Nessus	Huawei Local Security Checks	high
136539	GLSA-202005-02 : QEMU: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
135559	EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-1430)	Nessus	Huawei Local Security Checks	critical
135340	CentOS 7 : qemu-kvm (CESA-2020:1116)	Nessus	CentOS Local Security Checks	high
135265	openSUSE Security Update : qemu (openSUSE-2020-468)	Nessus	SuSE Local Security Checks	medium
135253	RHEL 8 : virt:rhel (RHSA-2020:1344)	Nessus	Red Hat Local Security Checks	medium
135249	RHEL 7 : qemu-kvm-ma (RHSA-2020:1352)	Nessus	Red Hat Local Security Checks	medium
135245	RHEL 7 : qemu-kvm (RHSA-2020:1351)	Nessus	Red Hat Local Security Checks	medium
135176	RHEL 7 : qemu-kvm-rhev (RHSA-2020:1296)	Nessus	Red Hat Local Security Checks	medium
135173	RHEL 7 : qemu-kvm-rhev (RHSA-2020:1300)	Nessus	Red Hat Local Security Checks	medium
135169	SUSE SLES12 Security Update : qemu (SUSE-SU-2020:0845-1)	Nessus	SuSE Local Security Checks	medium
135168	SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2020:0844-1)	Nessus	SuSE Local Security Checks	medium
135051	RHEL 7 : qemu-kvm-ma (RHSA-2020:1150)	Nessus	Red Hat Local Security Checks	medium
135036	RHEL 7 : qemu-kvm (RHSA-2020:1116)	Nessus	Red Hat Local Security Checks	medium
134898	Amazon Linux 2 : qemu (ALAS-2020-1407)	Nessus	Amazon Linux Local Security Checks	medium
134790	EulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-1298)	Nessus	Huawei Local Security Checks	medium
134611	OracleVM 3.4 : qemu-kvm (OVMSA-2020-0010)	Nessus	OracleVM Local Security Checks	medium
134395	Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20200310)	Nessus	Scientific Linux Local Security Checks	medium
134393	RHEL 6 : qemu-kvm (RHSA-2020:0775)	Nessus	Red Hat Local Security Checks	high
134388	Oracle Linux 6 : qemu-kvm (ELSA-2020-0775)	Nessus	Oracle Linux Local Security Checks	high
134386	CentOS 6 : qemu-kvm (CESA-2020:0775)	Nessus	CentOS Local Security Checks	high
133796	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : QEMU vulnerabilities (USN-4283-1)	Nessus	Ubuntu Local Security Checks	medium
133481	RHEL 8 : container-tools:rhel8 (RHSA-2020:0348)	Nessus	Red Hat Local Security Checks	high
133419	Debian DSA-4616-1 : qemu - security update	Nessus	Debian Local Security Checks	medium
133366	Debian DLA-2090-1 : qemu security update	Nessus	Debian Local Security Checks	high
133229	Debian DLA-2076-1 : slirp security update	Nessus	Debian Local Security Checks	high