CVE-2020-8608

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

References

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html

https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0

https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843

https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html

https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html

https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html

https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html

https://security.gentoo.org/glsa/202003-66

https://security.netapp.com/advisory/ntap-20201001-0002/

https://usn.ubuntu.com/4283-1/

https://www.debian.org/security/2020/dsa-4733

https://www.openwall.com/lists/oss-security/2020/02/06/2

Details

Source: MITRE

Published: 2020-02-06

Updated: 2021-02-14

Type: CWE-120

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.6

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Impact Score: 3.4

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libslirp_project:libslirp:4.1.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Tenable Plugins

View all (65 total)

IDNameProductFamilySeverity
151714openSUSE 15 Security Update : qemu (openSUSE-SU-2021:1942-1)NessusSuSE Local Security Checks
medium
151619openSUSE 15 Security Update : qemu (openSUSE-SU-2021:1043-1)NessusSuSE Local Security Checks
medium
150736SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:1942-1)NessusSuSE Local Security Checks
medium
150733SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1947-1)NessusSuSE Local Security Checks
medium
150615SUSE SLES11 Security Update : kvm (SUSE-SU-2020:14396-1)NessusSuSE Local Security Checks
medium
150584SUSE SLES11 Security Update : xen (SUSE-SU-2020:14444-1)NessusSuSE Local Security Checks
critical
150468SUSE SLES15 Security Update : qemu (SUSE-SU-2021:1918-1)NessusSuSE Local Security Checks
medium
150414SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:1893-1)NessusSuSE Local Security Checks
medium
150399SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1894-1)NessusSuSE Local Security Checks
medium
150395SUSE SLES15 Security Update : qemu (SUSE-SU-2021:1895-1)NessusSuSE Local Security Checks
medium
150220SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1837-1)NessusSuSE Local Security Checks
medium
150203SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1829-1)NessusSuSE Local Security Checks
medium
147700EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1667)NessusHuawei Local Security Checks
medium
147523EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2021-1632)NessusHuawei Local Security Checks
medium
147408NewStart CGSL MAIN 4.06 : qemu-kvm Multiple Vulnerabilities (NS-SA-2021-0004)NessusNewStart CGSL Local Security Checks
medium
146372Debian DLA-2551-1 : slirp security updateNessusDebian Local Security Checks
medium
145861CentOS 8 : virt:rhel (CESA-2020:2774)NessusCentOS Local Security Checks
medium
144492SUSE SLES12 Security Update : xen (SUSE-SU-2020:3880-1)NessusSuSE Local Security Checks
medium
143036RHEL 8 : virt:rhel (RHSA-2020:3040)NessusRed Hat Local Security Checks
medium
142969Ubuntu 16.04 LTS / 18.04 LTS : SLiRP vulnerabilities (USN-4632-1)NessusUbuntu Local Security Checks
medium
140275NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2020-0049)NessusNewStart CGSL Local Security Checks
medium
139595SUSE SLES12 Security Update : xen (SUSE-SU-2020:2234-1)NessusSuSE Local Security Checks
high
138202Oracle Linux 8 : virt:ol (ELSA-2020-2774)NessusOracle Linux Local Security Checks
medium
135665Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1379)NessusOracle Linux Local Security Checks
medium
139454SUSE SLES12 Security Update : xen (SUSE-SU-2020:2171-1)NessusSuSE Local Security Checks
medium
139402SUSE SLES12 Security Update : xen (SUSE-SU-2020:2141-1)NessusSuSE Local Security Checks
medium
139088Amazon Linux AMI : qemu-kvm (ALAS-2020-1408)NessusAmazon Linux Local Security Checks
medium
138914Debian DSA-4733-1 : qemu - security updateNessusDebian Local Security Checks
medium
138911Debian DLA-2288-1 : qemu security updateNessusDebian Local Security Checks
medium
138856Amazon Linux 2 : qemu (ALAS-2020-1467)NessusAmazon Linux Local Security Checks
medium
138642Amazon Linux AMI : qemu-kvm (ALAS-2020-1400)NessusAmazon Linux Local Security Checks
medium
138173RHEL 7 : qemu-kvm (RHSA-2020:2844)NessusRed Hat Local Security Checks
medium
138073RHEL 7 : slirp4netns (RHSA-2020:0889)NessusRed Hat Local Security Checks
medium
138013RHEL 8 : virt:rhel (RHSA-2020:2773)NessusRed Hat Local Security Checks
medium
137892RHEL 8 : virt:rhel (RHSA-2020:2774)NessusRed Hat Local Security Checks
medium
137795EulerOS Virtualization for ARM 64 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1688)NessusHuawei Local Security Checks
medium
137758RHEL 7 : qemu-kvm-rhev (RHSA-2020:2730)NessusRed Hat Local Security Checks
medium
137586SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1538-1)NessusSuSE Local Security Checks
medium
137581SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1526-1)NessusSuSE Local Security Checks
medium
137579SUSE SLES15 Security Update : qemu (SUSE-SU-2020:1523-1)NessusSuSE Local Security Checks
medium
137577SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1514-1)NessusSuSE Local Security Checks
medium
137549SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1501-1)NessusSuSE Local Security Checks
medium
137489EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2020-1647)NessusHuawei Local Security Checks
high
137244RHEL 6 : qemu-kvm (RHSA-2020:1403)NessusRed Hat Local Security Checks
medium
136015CentOS 6 : qemu-kvm (CESA-2020:1403)NessusCentOS Local Security Checks
critical
135833Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20200407)NessusScientific Linux Local Security Checks
medium
135559EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-1430)NessusHuawei Local Security Checks
critical
135428Oracle Linux 7 : qemu-kvm (ELSA-2020-1208)NessusOracle Linux Local Security Checks
critical
135382Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20200408)NessusScientific Linux Local Security Checks
medium
135379Oracle Linux 6 : qemu-kvm (ELSA-2020-1403)NessusOracle Linux Local Security Checks
critical
135265openSUSE Security Update : qemu (openSUSE-2020-468)NessusSuSE Local Security Checks
medium
135251RHEL 8 : container-tools:rhel8 (RHSA-2020:1379)NessusRed Hat Local Security Checks
medium
135249RHEL 7 : qemu-kvm-ma (RHSA-2020:1352)NessusRed Hat Local Security Checks
medium
135245RHEL 7 : qemu-kvm (RHSA-2020:1351)NessusRed Hat Local Security Checks
medium
135175RHEL 7 : qemu-kvm-rhev (RHSA-2020:1292)NessusRed Hat Local Security Checks
medium
135173RHEL 7 : qemu-kvm-rhev (RHSA-2020:1300)NessusRed Hat Local Security Checks
medium
135169SUSE SLES12 Security Update : qemu (SUSE-SU-2020:0845-1)NessusSuSE Local Security Checks
medium
135168SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2020:0844-1)NessusSuSE Local Security Checks
medium
135065RHEL 7 : qemu-kvm (RHSA-2020:1208)NessusRed Hat Local Security Checks
medium
135050RHEL 7 : qemu-kvm-ma (RHSA-2020:1209)NessusRed Hat Local Security Checks
medium
135021GLSA-202003-66 : QEMU: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
134790EulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-1298)NessusHuawei Local Security Checks
medium
134631Debian DLA-2144-1 : qemu security updateNessusDebian Local Security Checks
medium
134576Debian DLA-2142-1 : slirp security updateNessusDebian Local Security Checks
critical
133796Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : QEMU vulnerabilities (USN-4283-1)NessusUbuntu Local Security Checks
medium