CVE-2019-15890

Published: 06/09/2019 Updated: 20/09/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068)

Vulnerable Product

libslirp project libslirp 4.0.0

qemu qemu 4.1.0

Vendor Advisories

Debian Bug report logs - #939868: slirp4netns: CVE-2019-15890. Package: src:slirp4netns; Maintainer for src:slirp4netns is Reinhard Tartler <siretart@tauware.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 9 Sep 2019 15:45:01 UTC; Severity: grave; Tags: security, upstream; Found in version slirp4ne ...
Synopsis: Important: qemu-kvm security update. Type/Severity: Security Advisory: Important. Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a securi ...
Synopsis: Important: slirp4netns security update. Type/Severity: Security Advisory: Important. Topic: An update for slirp4netns is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Several security issues were fixed in QEMU ...
Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service. For the oldstable distribution (stretch), these problems have been fixed in version 1:28+dfsg-6+deb9u9. For the stable distribution (buster), these problems have ...
A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in the ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service (CVE-2 ...

Mailing Lists

Hello,

Upstream patch:
---------------
  -> gitlab.freedesktop.org/slirp/libslirp/commit/c59279437eda91841b9d26079c70b8a540d41204

CVE-2019-15890 assigned via -> cveform.mitre.org/

Thank you
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F ...