CVE-2020-8608Classic Buffer Overflow in Project Libslirp

CWE-120Classic Buffer OverflowCWE-122Heap-based Buffer Overflow14 documents8 sources
Severity
5.6MEDIUMNVD
EPSS
1.5%
top 18.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Libslirp Project LibslirpQemuDebian Linux+1 more
Timeline
PublishedFeb 6
Latest updateNov 8

Description

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages4 packages

Debianqemu/qemu< 1:4.1-2+3
Debianlibslirp_project/libslirp< 4.2.0-1+3
NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: gitlab.freedesktop.orgPatch: www.openwall.comPatch: gitlab.freedesktop.org

🔴Vulnerability Details

5
GHSA
GHSA-495h-ww9w-vg4p: In libslirp 42022-05-24
OSV
slirp vulnerabilities2020-11-12
OSV
qemu vulnerabilities2020-02-18
OSV
CVE-2020-8608: In libslirp 42020-02-06
CVEList
CVE-2020-8608: In libslirp 42020-02-06

📋Vendor Advisories

5
Ubuntu
QEMU vulnerabilities2024-11-08
Ubuntu
SLiRP vulnerabilities2020-11-12
Ubuntu
QEMU vulnerabilities2020-02-18
Red Hat
QEMU: Slirp: potential OOB access due to unsafe snprintf() usages2020-01-27
Debian
CVE-2020-8608: libslirp - In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return val...2020

💬Community

3
Bugzilla
CVE-2019-8608 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution2020-09-08
Bugzilla
CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages2020-02-05
Bugzilla
CVE-2020-8608 qemu: Slirp: potential OOB access due to unsafe snprintf() usages [fedora-all]2020-02-05
CVE-2020-8608 — Classic Buffer Overflow | cvebase