CVE-2020-8608
Published: 6 February 2020
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
From the Ubuntu Security Team
It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service (application crash) or potentially execute arbitrary code.
Notes
Author | Note |
---|---|
mdeslaur | possible better approach would be to disable tcp_emu completely https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91 |
Priority
Status
Package | Release | Status |
---|---|---|
libslirp Launchpad, Ubuntu, Debian | bionic | Does not exist |
libslirp | eoan | Does not exist |
libslirp | focal | Released (4.1.0-2ubuntu1) |
libslirp | groovy | Released (4.1.0-2ubuntu1) |
libslirp | hirsute | Released (4.1.0-2ubuntu1) |
libslirp | impish | Released (4.1.0-2ubuntu1) |
libslirp | jammy | Released (4.1.0-2ubuntu1) |
libslirp | kinetic | Released (4.1.0-2ubuntu1) |
libslirp | lunar | Released (4.1.0-2ubuntu1) |
libslirp | mantic | Released (4.1.0-2ubuntu1) |
libslirp | trusty | Does not exist |
libslirp | upstream | Needs triage |
libslirp | xenial | Does not exist |
libslirp | Patches | upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775 upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 |
qemu Launchpad, Ubuntu, Debian | bionic | Released (1:2.11+dfsg-1ubuntu7.23) |
qemu | eoan | Released (1:4.0+dfsg-0ubuntu9.4) |
qemu | focal | Not vulnerable (uses system libslirp) |
qemu | groovy | Not vulnerable (uses system libslirp) |
qemu | hirsute | Not vulnerable (uses system libslirp) |
qemu | impish | Not vulnerable (uses system libslirp) |
qemu | jammy | Not vulnerable (uses system libslirp) |
qemu | kinetic | Not vulnerable (uses system libslirp) |
qemu | lunar | Not vulnerable (uses system libslirp) |
qemu | mantic | Not vulnerable (uses system libslirp) |
qemu | trusty | Needs triage |
qemu | upstream | Needs triage |
qemu | xenial | Released (1:2.5+dfsg-5ubuntu10.43) |
qemu-kvm Launchpad, Ubuntu, Debian | bionic | Does not exist |
qemu-kvm | eoan | Does not exist |
qemu-kvm | focal | Does not exist |
qemu-kvm | groovy | Does not exist |
qemu-kvm | hirsute | Does not exist |
qemu-kvm | impish | Does not exist |
qemu-kvm | jammy | Does not exist |
qemu-kvm | kinetic | Does not exist |
qemu-kvm | lunar | Does not exist |
qemu-kvm | mantic | Does not exist |
qemu-kvm | trusty | Does not exist |
qemu-kvm | upstream | Needs triage |
qemu-kvm | xenial | Does not exist |
slirp Launchpad, Ubuntu, Debian | bionic | Released (1:1.0.17-8ubuntu18.04.1) |
slirp | eoan | Ignored (end of life) |
slirp | focal | Needed |
slirp | groovy | Ignored (end of life) |
slirp | hirsute | Ignored (end of life) |
slirp | impish | Ignored (end of life) |
slirp | jammy | Needed |
slirp | kinetic | Ignored (end of life, was needed) |
slirp | lunar | Ignored (end of life, was needed) |
slirp | mantic | Needed |
slirp | trusty | Released (1:1.0.17-7+deb8u2build0.14.04.1+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
slirp | upstream | Needs triage |
slirp | xenial | Released (1:1.0.17-8ubuntu16.04.1) |
slirp4netns Launchpad, Ubuntu, Debian | bionic | Does not exist |
slirp4netns | eoan | Ignored (end of life) |
slirp4netns | focal | Needs triage |
slirp4netns | groovy | Not vulnerable (1.0.1-1) |
slirp4netns | hirsute | Not vulnerable (1.0.1-1) |
slirp4netns | impish | Not vulnerable (1.0.1-1) |
slirp4netns | jammy | Not vulnerable (1.0.1-1) |
slirp4netns | kinetic | Not vulnerable (1.0.1-1) |
slirp4netns | lunar | Not vulnerable (1.0.1-1) |
slirp4netns | mantic | Not vulnerable (1.0.1-1) |
slirp4netns | trusty | Does not exist |
slirp4netns | upstream | Needs triage |
slirp4netns | xenial | Does not exist |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.6 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | Low |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |