CVE-2020-8608

Published: 06 February 2020

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

From the Ubuntu security team

It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service (application crash) or potentially execute arbitrary code.

Priority

Medium

CVSS 3 base score: 5.6

Status

Package Release Status
libslirp
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (4.1.0-2ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (4.1.0-2ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (4.1.0-2ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

Patches:
Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775
Upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
qemu
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(uses system libslirp)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(uses system libslirp)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(uses system libslirp)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:2.11+dfsg-1ubuntu7.23)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1:2.5+dfsg-5ubuntu10.43)
Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Needs triage

slirp
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.10 (Groovy Gorilla) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:1.0.17-8ubuntu18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1:1.0.17-8ubuntu16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

slirp4netns
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.0.1-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.0.1-1)
Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

Notes

AuthorNote
mdeslaur possible better approach would be to disable tcp_emu completely https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91

References