CVE-2020-7039
Published: 16 January 2020
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
From the Ubuntu security team
It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a denial of service (application crash) or potential execute arbitrary code.
Priority
Medium
CVSS 3 base score: 5.6
Status
| Package | Release | Status |
|---|---|---|
|
libslirp Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.1.0-2)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(4.1.0-2)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(4.1.0-2)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(4.1.0-2)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 |
||
|
qemu Launchpad, Ubuntu, Debian |
Upstream |
Released
(1:4.2-1)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(uses system libslirp)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(uses system libslirp)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(uses system libslirp)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(1:2.11+dfsg-1ubuntu7.23)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(1:2.5+dfsg-5ubuntu10.43)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
|
qemu-kvm Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
slirp Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(1:1.0.17-10)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(1:1.0.17-10)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(1:1.0.17-10)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(1:1.0.17-8ubuntu18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(1:1.0.17-8ubuntu16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
Notes
| Author | Note |
|---|---|
| mdeslaur | possible better approach would be to disable tcp_emu completely https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91 |