Unrated severityNVD Advisory· Published Sep 6, 2019· Updated Aug 5, 2024

CVE-2019-15890

Description

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

Affected products

140

QEMU/libslirpdescription
osv-coords139 versions
pkg:rpm/almalinux/hivex pkg:rpm/almalinux/hivex-devel pkg:rpm/almalinux/libguestfs-winsupport pkg:rpm/almalinux/libiscsi pkg:rpm/almalinux/libiscsi-devel pkg:rpm/almalinux/libiscsi-utils pkg:rpm/almalinux/libnbd pkg:rpm/almalinux/libnbd-devel pkg:rpm/almalinux/libvirt pkg:rpm/almalinux/libvirt-admin pkg:rpm/almalinux/libvirt-bash-completion pkg:rpm/almalinux/libvirt-client pkg:rpm/almalinux/libvirt-daemon pkg:rpm/almalinux/libvirt-daemon-config-network pkg:rpm/almalinux/libvirt-daemon-config-nwfilter pkg:rpm/almalinux/libvirt-daemon-driver-interface pkg:rpm/almalinux/libvirt-daemon-driver-network pkg:rpm/almalinux/libvirt-daemon-driver-nodedev pkg:rpm/almalinux/libvirt-daemon-driver-nwfilter pkg:rpm/almalinux/libvirt-daemon-driver-secret pkg:rpm/almalinux/libvirt-daemon-driver-storage pkg:rpm/almalinux/libvirt-daemon-driver-storage-core pkg:rpm/almalinux/libvirt-daemon-driver-storage-disk pkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi pkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi-direct pkg:rpm/almalinux/libvirt-daemon-driver-storage-logical pkg:rpm/almalinux/libvirt-daemon-driver-storage-mpath pkg:rpm/almalinux/libvirt-daemon-driver-storage-rbd pkg:rpm/almalinux/libvirt-daemon-driver-storage-scsi pkg:rpm/almalinux/libvirt-dbus pkg:rpm/almalinux/libvirt-devel pkg:rpm/almalinux/libvirt-docs pkg:rpm/almalinux/libvirt-libs pkg:rpm/almalinux/libvirt-nss pkg:rpm/almalinux/nbdfuse pkg:rpm/almalinux/nbdkit pkg:rpm/almalinux/nbdkit-bash-completion pkg:rpm/almalinux/nbdkit-basic-filters pkg:rpm/almalinux/nbdkit-basic-plugins pkg:rpm/almalinux/nbdkit-curl-plugin pkg:rpm/almalinux/nbdkit-devel pkg:rpm/almalinux/nbdkit-example-plugins pkg:rpm/almalinux/nbdkit-gzip-plugin pkg:rpm/almalinux/nbdkit-linuxdisk-plugin pkg:rpm/almalinux/nbdkit-python-plugin pkg:rpm/almalinux/nbdkit-server pkg:rpm/almalinux/nbdkit-ssh-plugin pkg:rpm/almalinux/nbdkit-vddk-plugin pkg:rpm/almalinux/nbdkit-xz-filter pkg:rpm/almalinux/netcf pkg:rpm/almalinux/netcf-devel pkg:rpm/almalinux/netcf-libs pkg:rpm/almalinux/ocaml-hivex pkg:rpm/almalinux/ocaml-hivex-devel pkg:rpm/almalinux/ocaml-libguestfs pkg:rpm/almalinux/ocaml-libguestfs-devel pkg:rpm/almalinux/ocaml-libnbd pkg:rpm/almalinux/ocaml-libnbd-devel pkg:rpm/almalinux/perl-hivex pkg:rpm/almalinux/perl-Sys-Virt pkg:rpm/almalinux/python3-hivex pkg:rpm/almalinux/python3-libnbd pkg:rpm/almalinux/python3-libvirt pkg:rpm/almalinux/ruby-hivex pkg:rpm/almalinux/seabios pkg:rpm/almalinux/seabios-bin pkg:rpm/almalinux/seavgabios-bin pkg:rpm/almalinux/sgabios pkg:rpm/almalinux/sgabios-bin pkg:rpm/almalinux/supermin pkg:rpm/almalinux/supermin-devel pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/qemu&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/qemu&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/qemu&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.0 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Proxy%204.0 pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Server%204.0 pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/xen&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 1.3.18-20.module_el8.3.0+2048+e7a0a3ea+ 138 more
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 8.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1:1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma
- (no CPE)range: < 1:1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 3.1.1.1-lp151.7.6.1
- (no CPE)range: < 4.2.1-lp152.9.16.2
- (no CPE)range: < 5.2.0-17.1
- (no CPE)range: < 6.1.0-32.1
- (no CPE)range: < 3.1.1.1-lp151.7.6.1
- (no CPE)range: < 4.2.1-lp152.9.16.1
- (no CPE)range: < 4.2.1-lp152.9.16.7
- (no CPE)range: < 1.4.2-53.38.1
- (no CPE)range: < 1.4.2-60.31.1
- (no CPE)range: < 2.9.1-6.44.1
- (no CPE)range: < 2.9.1-6.44.1
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 2.11.2-9.46.1
- (no CPE)range: < 2.11.2-9.46.1
- (no CPE)range: < 4.2.1-11.19.2
- (no CPE)range: < 3.1.1.1-9.6.2
- (no CPE)range: < 4.2.1-11.19.2
- (no CPE)range: < 5.2.0-17.1
- (no CPE)range: < 3.1.1.1-9.6.2
- (no CPE)range: < 4.2.1-11.19.2
- (no CPE)range: < 5.2.0-17.1
- (no CPE)range: < 2.3.1-33.29.1
- (no CPE)range: < 2.6.2-41.59.1
- (no CPE)range: < 2.6.2-41.59.1
- (no CPE)range: < 2.9.1-6.44.1
- (no CPE)range: < 2.9.1-6.44.1
- (no CPE)range: < 2.11.2-5.32.1
- (no CPE)range: < 3.1.1.1-51.1
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 2.11.2-9.46.1
- (no CPE)range: < 2.3.1-33.29.1
- (no CPE)range: < 2.6.2-41.59.1
- (no CPE)range: < 2.9.1-6.44.1
- (no CPE)range: < 2.11.2-5.32.1
- (no CPE)range: < 3.1.1.1-51.1
- (no CPE)range: < 2.11.2-9.46.1
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 2.6.2-41.59.1
- (no CPE)range: < 2.9.1-6.44.1
- (no CPE)range: < 2.11.2-5.32.1
- (no CPE)range: < 2.9.1-6.44.1
- (no CPE)range: < 2.11.2-5.32.1
- (no CPE)range: < 4.9.4_04-3.56.2
- (no CPE)range: < 4.7.6_06-43.54.2
- (no CPE)range: < 4.9.4_04-3.56.2
- (no CPE)range: < 4.11.2_02-2.14.2
- (no CPE)range: < 4.2.5_21-45.33.1
- (no CPE)range: < 4.4.4_40-61.49.1
- (no CPE)range: < 4.5.5_28-22.64.1
- (no CPE)range: < 4.7.6_06-43.54.2
- (no CPE)range: < 4.7.6_06-43.54.2
- (no CPE)range: < 4.9.4_04-3.56.2
- (no CPE)range: < 4.9.4_04-3.56.2
- (no CPE)range: < 4.11.2_02-2.14.2
- (no CPE)range: < 4.5.5_28-22.64.1
- (no CPE)range: < 4.7.6_06-43.54.2
- (no CPE)range: < 4.9.4_04-3.56.2
- (no CPE)range: < 4.11.2_02-2.14.2
- (no CPE)range: < 4.11.2_02-2.14.2
- (no CPE)range: < 4.7.6_06-43.54.2
- (no CPE)range: < 4.9.4_04-3.56.2
- (no CPE)range: < 4.9.4_04-3.56.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2020:0775mitrevendor-advisoryx_refsource_REDHAT
usn.ubuntu.com/4191-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/4191-2/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2020/dsa-4616mitrevendor-advisoryx_refsource_DEBIAN
www.openwall.com/lists/oss-security/2019/09/06/3mitrex_refsource_CONFIRM
gitlab.freedesktop.org/slirp/libslirp/commit/c5927943mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2019/09/msg00021.htmlmitremailing-listx_refsource_MLIST
seclists.org/bugtraq/2020/Feb/0mitremailing-listx_refsource_BUGTRAQ

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000