CVE-2020-1983Use After Free in Libslirp

CWE-416Use After FreeCWE-820Missing Synchronization14 documents9 sources
Severity
6.5MEDIUMNVD
CNA7.5
EPSS
0.2%
top 57.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Libslirp Project LibslirpQemuSlirp Libslirp+4 more
Timeline
PublishedApr 22
Latest updateOct 1

Description

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages5 packages

Debianlibslirp_project/libslirp< 4.2.0-2+3
CVEListV5slirp/libslirpunspecified4.2.0
Debianqemu/qemu< 1:4.1-2+3
NVDopensuse/leap15.1

Also affects: Debian Linux 8.0, 9.0, Fedora 31, 32, Ubuntu Linux 16.04, 18.04, 19.10, 20.04

Patches

Patch: gitlab.freedesktop.orgPatch: gitlab.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-m3gw-pxj4-v7p8: A use after free vulnerability in ip_reass() in ip_input2022-05-24
CVEList
libslirp: use after free vulnerability cause a denial of service.2020-04-22
OSV
CVE-2020-1983: A use after free vulnerability in ip_reass() in ip_input2020-04-22

📋Vendor Advisories

6
Red Hat
kernel: mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING2025-10-01
Ubuntu
QEMU vulnerabilities2024-11-08
Jenkins
Jenkins Security Advisory 2020-08-172020-08-17
Ubuntu
QEMU vulnerabilities2020-05-21
Red Hat
QEMU: slirp: use-after-free in ip_reass() function in ip_input.c2020-04-02

💬Community

4
Bugzilla
CVE-2020-1983 qemu: slirp: use-after-free in ip_reass() function in ip_input.c [fedora-all]2020-05-14
Bugzilla
CVE-2020-1983 libslirp: QEMU: slirp: use-after-free in ip_reass() function in ip_input.c [epel-8]2020-04-30
Bugzilla
CVE-2020-1983 QEMU: slirp: use-after-free in ip_reass() function in ip_input.c2020-04-30
Bugzilla
CVE-2020-1983 libslirp: QEMU: slirp: use-after-free in ip_reass() function in ip_input.c [fedora-all]2020-04-30
CVE-2020-1983 — Use After Free in Slirp Libslirp | cvebase