Search CVE reports
11 – 13 of 13 results
CVE-2020-7039
Medium prioritySome fixes available 7 of 10
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS...
4 affected packages
libslirp, qemu, qemu-kvm, slirp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Not affected | Not affected | Not affected | Not in release | Not in release |
qemu | Not affected | Not affected | Not affected | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
slirp | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-15890
Low prioritySome fixes available 15 of 139
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
20 affected packages
android, basilisk2, bochs, fs-uae, libslirp...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
android | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libslirp | Not affected | Not affected | Not affected | Not in release | Not in release |
ns3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release | Not in release |
qemu-linaro | Not in release | Not in release | Not in release | Not in release | Not in release |
redboot-imx | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
slirp4netns | Not affected | Not affected | Not affected | Not in release | Not in release |
vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
virtualbox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
virtualbox-hwe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
virtualbox-lts-vivid | Not in release | Not in release | Not in release | Not in release | Not in release |
virtualbox-lts-wily | Not in release | Not in release | Not in release | Not in release | Not in release |
virtualbox-lts-xenial | Not in release | Not in release | Not in release | Not in release | Not in release |
xen | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-14378
Low prioritySome fixes available 15 of 93
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
13 affected packages
android, basilisk2, bochs, fs-uae, libslirp...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
android | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libslirp | Not affected | Not affected | Not affected | Not in release | Not in release |
qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release | Not in release |
qemu-linaro | Not in release | Not in release | Not in release | Not in release | Not in release |
slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
slirp4netns | Not affected | Not affected | Not affected | Not in release | Not in release |
vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xen | Not affected | Not affected | Not affected | Not affected | Not affected |