CVE-2020-7039

Published: 16 January 2020

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a DoS or potentially to arbitrary code execution.

From the Ubuntu security team

It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a denial of service (application crash) or potentially to arbitrary code execution.

Priority

Medium

CVSS 3 base score: 5.6

Status

Package Release Status
libslirp
Launchpad, Ubuntu, Debian
Upstream: Released (4.1.0-2)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (4.1.0-2)
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable (4.1.0-2)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (4.1.0-2)
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 LTS (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Ubuntu 12.04 ESM (Precise Pangolin): Does not exist

Patches:
Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
qemu
Launchpad, Ubuntu, Debian
Upstream: Released (1:4.2-1)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (uses system libslirp)
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable (uses system libslirp)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (uses system libslirp)
Ubuntu 18.04 LTS (Bionic Beaver): Released (1:2.11+dfsg-1ubuntu7.23)
Ubuntu 16.04 LTS (Xenial Xerus): Released (1:2.5+dfsg-5ubuntu10.43)
Ubuntu 14.04 ESM (Trusty Tahr): Needed
Ubuntu 12.04 ESM (Precise Pangolin): Does not exist

qemu-kvm
Launchpad, Ubuntu, Debian
Upstream: Needs triage
Ubuntu 21.04 (Hirsute Hippo): Does not exist
Ubuntu 20.10 (Groovy Gorilla): Does not exist
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 LTS (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Ubuntu 12.04 ESM (Precise Pangolin): Needs triage

slirp
Launchpad, Ubuntu, Debian
Upstream: Needed
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (1:1.0.17-10)
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable (1:1.0.17-10)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (1:1.0.17-10)
Ubuntu 18.04 LTS (Bionic Beaver): Released (1:1.0.17-8ubuntu18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): Released (1:1.0.17-8ubuntu16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Ubuntu 12.04 ESM (Precise Pangolin): Does not exist

Notes

AuthorNote
mdeslaur: possible better approach would be to disable tcp_emu completely: https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91
