Debian Slirp4Netns vulnerabilities

CVE-2020-1983 [HIGH] CVE-2020-1983: libslirp - A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and... A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Scope: local bookworm: resolved (fixed in 4.2.0-2) bullseye: resolved (fixed in 4.2.0-2) forky: resolved (fixed in 4.2.0-2) sid: resolved (fixed in 4.2.0-2) trixie: resolved (fixed in 4.2.0-2)

CVE-2020-8608 [MEDIUM] CVE-2020-8608: libslirp - In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return val... In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. Scope: local bookworm: resolved (fixed in 4.2.0-1) bullseye: resolved (fixed in 4.2.0-1) forky: resolved (fixed in 4.2.0-1) sid: resolved (fixed in 4.2.0-1) trixie: resolved (fixed in 4.2.0-1)

CVE-2020-10756 [MEDIUM] CVE-2020-10756: libslirp - An out-of-bounds read vulnerability was found in the SLiRP networking implementa... An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects ver

CVE-2019-15890 [HIGH] CVE-2019-15890: qemu - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_in... libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Scope: local bookworm: resolved (fixed in 1:4.1-2) bullseye: resolved (fixed in 1:4.1-2) forky: resolved (fixed in 1:4.1-2) sid: resolved (fixed in 1:4.1-2) trixie: resolved (fixed in 1:4.1-2)

CVE-2019-6778 [HIGH] CVE-2019-6778: qemu - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 1:3.1+dfsg-3) bullseye: resolved (fixed in 1:3.1+dfsg-3) forky: resolved (fixed in 1:3.1+dfsg-3) sid: resolved (fixed in 1:3.1+dfsg-3) trixie: resolved (fixed in 1:3.1+dfsg-3)

CVE-2019-14378 [HIGH] CVE-2019-14378: qemu - ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a ... ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. Scope: local bookworm: resolved (fixed in 1:4.1-1) bullseye: resolved (fixed in 1:4.1-1) forky: resolved (fixed in 1:4.1-1) sid: resolved (fixed in 1:4.1-1) trixie: resolved (fixed in 1:4.1-1)

CVE-2019-9824 [MEDIUM] CVE-2019-9824: qemu - tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninit... tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. Scope: local bookworm: resolved (fixed in 1:3.1+dfsg-6) bullseye: resolved (fixed in 1:3.1+dfsg-6) forky: resolved (fixed in 1:3.1+dfsg-6) sid: resolved (fixed in 1:3.1+dfsg-6) trixie: resolved (fixed in 1:3.1+dfsg-6)