Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
605
VMScore

CVE-2020-8608

Published: 06/02/2020 Updated: 14/02/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.6 | Impact Score: 3.4 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Libslirp Project

Vulnerability Summary

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libslirp project libslirp 4.1.0

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.1

Vendor Advisories

Ubuntu Security Notice: qemu vulnerabilities
Several security issues were fixed in QEMU ...
Debian Security Advisories: DSA-4733-1 qemu -- security update
It was discovered that incorrect memory handling in the SLIRP networking implementation could result in denial of service or potentially the execution of arbitrary code For the stable distribution (buster), this problem has been fixed in version 1:31+dfsg-8+deb10u7 In addition this update fixes a regression caused by the patch for CVE-2020-13754 ...
Amazon Linux 2: ALAS2-2020-1467
In libslirp 410, as used in QEMU 420, tcp_subrc misuses snprintf return values, leading to a buffer overflow in later code (CVE-2020-8608) tcp_emu in slirp/tcp_subrc (aka slirp/src/tcp_subrc) in QEMU 300 uses uninitialized data in an snprintf call, leading to Information disclosure (CVE-2019-9824) ...
Red Hat: Important: qemu-kvm security and bug fix update
Synopsis Important: qemu-kvm security and bug fix update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Important: qemu-kvm-rhev bug fix update
Synopsis Important: qemu-kvm-rhev bug fix update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerabilit ...
Red Hat: Important: qemu-kvm-ma security update
Synopsis Important: qemu-kvm-ma security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 77 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
Red Hat: Important: virt:rhel security update
Synopsis Important: virt:rhel security update Type/Severity Security Advisory: Important Topic An update for the virt:rhel module is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Com ...
Red Hat: Important: qemu-kvm-rhev security update
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: qemu-kvm security update
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 77 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Red Hat: Important: qemu-kvm security update
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Red Hat: Important: virt:8.1 security update
Synopsis Important: virt:81 security update Type/Severity Security Advisory: Important Topic An update for the virt:81 module is now available for Advanced Virtualization for RHEL 811Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: slirp4netns security update
Synopsis Important: slirp4netns security update Type/Severity Security Advisory: Important Topic An update for slirp4netns is now available for Red Hat Enterprise Linux 7 ExtrasRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...
Red Hat: Important: virt:rhel security update
概要 Important: virt:rhel security update タイプ/重大度 Security Advisory: Important トピック An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: virt:rhel security update
Synopsis Important: virt:rhel security update Type/Severity Security Advisory: Important Topic An update for the virt:rhel module is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulner ...
Red Hat: Important: container-tools:rhel8 security and bug fix update
Synopsis Important: container-tools:rhel8 security and bug fix update Type/Severity Security Advisory: Important Topic An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Com ...
Red Hat: Important: qemu-kvm-rhev security update
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Red Hat: Important: qemu-kvm security update
Synopsis Important: qemu-kvm security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base scor ...
Red Hat: Important: qemu-kvm-rhev security update
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform13 (Queens)Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring Sys ...
Amazon Linux AMI: ALAS-2020-1400
In libslirp 410, as used in QEMU 420, tcp_subrc misuses snprintf return values, leading to a buffer overflow in later code (CVE-2020-8608) tcp_emu in tcp_subrc in libslirp 410, as used in QEMU 420, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC This can cause a heap-based buffer overflow or other out-of-bounds access ...
Amazon Linux AMI: ALAS-2020-1408
tcp_emu in slirp/tcp_subrc (aka slirp/src/tcp_subrc) in QEMU 300 uses uninitialized data in an snprintf call, leading to Information disclosure (CVE-2019-9824) tcp_emu in tcp_subrc in libslirp 410, as used in QEMU 420, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC This can cause a heap-based buffer overflow or other o ...

References

CWE-120https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843https://www.openwall.com/lists/oss-security/2020/02/06/2https://usn.ubuntu.com/4283-1/https://lists.debian.org/debian-lts-announce/2020/03/msg00015.htmlhttps://lists.debian.org/debian-lts-announce/2020/03/msg00017.htmlhttps://security.gentoo.org/glsa/202003-66http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.htmlhttps://www.debian.org/security/2020/dsa-4733https://lists.debian.org/debian-lts-announce/2020/07/msg00020.htmlhttps://security.netapp.com/advisory/ntap-20201001-0002/https://lists.debian.org/debian-lts-announce/2021/02/msg00012.htmlhttps://usn.ubuntu.com/4283-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook