CVE-2020-7039
Published: Jan 16, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a DoS or potentially to arbitrary code execution.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://www.openwall.com/lists/oss-security/2020/01/16/2
x_refsource_CONFIRM
[debian-lts-announce] 20200126 [SECURITY] [DLA 2076-1] slirp security update
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20200131 [SECURITY] [DLA 2090-1] qemu security update
mailing-list
x_refsource_MLIST
20200203 [SECURITY] [DSA 4616-1] qemu security update
mailing-list
x_refsource_BUGTRAQ
DSA-4616
vendor-advisory
x_refsource_DEBIAN
RHSA-2020:0348
vendor-advisory
x_refsource_REDHAT
USN-4283-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2020:0775
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2020:0468
vendor-advisory
x_refsource_SUSE
GLSA-202005-02
vendor-advisory
x_refsource_GENTOO
[debian-lts-announce] 20210209 [SECURITY] [DLA 2551-1] slirp security update
mailing-list
x_refsource_MLIST