CVE-2020-7039 — MEDIUM (5.6)

Vulnerability Description

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Libslirp Project	Libslirp	4.1.0
Qemu	Qemu	4.2.0
Debian	Debian Linux	8.0
Opensuse	Leap	15.1

Related Weaknesses (CWE)

CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/01/16/2Mailing ListPatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2020:0348Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0775Third Party Advisory
https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd87PatchThird Party Advisory
https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19PatchThird Party Advisory
https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00022.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00036.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00012.htmlMailing ListThird Party Advisory
https://seclists.org/bugtraq/2020/Feb/0Mailing ListThird Party Advisory
https://security.gentoo.org/glsa/202005-02Third Party Advisory
https://usn.ubuntu.com/4283-1/Third Party Advisory
https://www.debian.org/security/2020/dsa-4616Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.htmlThird Party Advisory

FAQ

What is CVE-2020-7039?

CVE-2020-7039 is a vulnerability with a CVSS score of 5.6 (MEDIUM). tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds ac...

How severe is CVE-2020-7039?

CVE-2020-7039 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7039?

Check the references section above for vendor advisories and patch information. Affected products include: Libslirp Project Libslirp, Qemu Qemu, Debian Debian Linux, Opensuse Leap.