CVE-2020-10756: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply()…

medium6.5CVSS 3.1

AVLACLPRLUINSCCHINAN

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

Affected

28 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	libslirp	< libslirp 4.3.1-1 (bookworm)	libslirp 4.3.1-1 (bookworm)
debian	qemu	< libslirp 4.3.1-1 (bookworm)	libslirp 4.3.1-1 (bookworm)
debian	qemu	—	—
debian	slirp4netns	< libslirp 4.3.1-1 (bookworm)	libslirp 4.3.1-1 (bookworm)
libslirp_project	libslirp	< 4.3.1	4.3.1
libslirp_project	libslirp	>= 0 < 4.3.1-1	4.3.1-1
libslirp_project	libslirp	>= 0 < 4.3.1-1	4.3.1-1
libslirp_project	libslirp	>= 0 < 4.3.1-1	4.3.1-1
libslirp_project	libslirp	>= 0 < 4.3.1-1	4.3.1-1
msrc	cm1_qemu-kvm_4.2.0-48_on_cbl_mariner_1.0	—	—
opensuse	leap	—	—
opensuse	leap	—	—
qemu	qemu	< 4.2.0-34	4.2.0-34
qemu	qemu	>= 0 < 1:4.1-2	1:4.1-2
qemu	qemu	>= 0 < 1:4.1-2	1:4.1-2
qemu	qemu	>= 0 < 1:4.1-2	1:4.1-2
qemu	qemu	>= 0 < 1:4.1-2	1:4.1-2
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.45	1:2.5+dfsg-5ubuntu10.45
qemu	qemu	>= 0 < 1:2.11+dfsg-1ubuntu7.31	1:2.11+dfsg-1ubuntu7.31
qemu	qemu	>= 0 < 1:4.2-3ubuntu6.4	1:4.2-3ubuntu6.4

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

osv6.5MEDIUM