Medium severity6.5OSV Advisory· Published Jul 9, 2020· Updated Jun 17, 2026
CVE-2020-10756
CVE-2020-10756
Description
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
88- Range: release_0_10_0, release_0_10_1, release_0_10_2, …
- osv-coords86 versionspkg:rpm/almalinux/hivexpkg:rpm/almalinux/hivex-develpkg:rpm/almalinux/libguestfs-winsupportpkg:rpm/almalinux/libiscsipkg:rpm/almalinux/libiscsi-develpkg:rpm/almalinux/libiscsi-utilspkg:rpm/almalinux/libnbdpkg:rpm/almalinux/libnbd-develpkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/libvirt-dbuspkg:rpm/almalinux/nbdfusepkg:rpm/almalinux/nbdkitpkg:rpm/almalinux/nbdkit-bash-completionpkg:rpm/almalinux/nbdkit-basic-filterspkg:rpm/almalinux/nbdkit-basic-pluginspkg:rpm/almalinux/nbdkit-curl-pluginpkg:rpm/almalinux/nbdkit-develpkg:rpm/almalinux/nbdkit-example-pluginspkg:rpm/almalinux/nbdkit-gzip-pluginpkg:rpm/almalinux/nbdkit-linuxdisk-pluginpkg:rpm/almalinux/nbdkit-python-pluginpkg:rpm/almalinux/nbdkit-serverpkg:rpm/almalinux/nbdkit-ssh-pluginpkg:rpm/almalinux/nbdkit-vddk-pluginpkg:rpm/almalinux/nbdkit-xz-filterpkg:rpm/almalinux/netcfpkg:rpm/almalinux/netcf-develpkg:rpm/almalinux/netcf-libspkg:rpm/almalinux/ocaml-hivexpkg:rpm/almalinux/ocaml-hivex-develpkg:rpm/almalinux/ocaml-libguestfspkg:rpm/almalinux/ocaml-libguestfs-develpkg:rpm/almalinux/ocaml-libnbdpkg:rpm/almalinux/ocaml-libnbd-develpkg:rpm/almalinux/perl-hivexpkg:rpm/almalinux/perl-Sys-Virtpkg:rpm/almalinux/python3-hivexpkg:rpm/almalinux/python3-libnbdpkg:rpm/almalinux/python3-libvirtpkg:rpm/almalinux/python-podman-apipkg:rpm/almalinux/ruby-hivexpkg:rpm/almalinux/seabiospkg:rpm/almalinux/seabios-binpkg:rpm/almalinux/seavgabios-binpkg:rpm/almalinux/sgabiospkg:rpm/almalinux/sgabios-binpkg:rpm/almalinux/superminpkg:rpm/almalinux/supermin-develpkg:rpm/opensuse/libslirp&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/slirp4netns&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/slirp4netns&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/qemu&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/qemu&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/slirp4netns&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/slirp4netns&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP2
< 1.3.18-20.module_el8.3.0+2048+e7a0a3ea+ 85 more
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 8.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 4.3.1-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 4.3.1-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1:1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma
- (no CPE)range: < 1:1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 4.6.1+7-1.2
- (no CPE)range: < 4.2.1-lp152.9.16.2
- (no CPE)range: < 4.2.1-lp152.9.16.1
- (no CPE)range: < 4.2.1-lp152.9.16.7
- (no CPE)range: < 0.4.7-lp151.2.12.1
- (no CPE)range: < 0.4.7-lp152.2.3.1
- (no CPE)range: < 2.9.1-6.50.1
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 2.11.2-9.46.1
- (no CPE)range: < 2.11.2-9.46.1
- (no CPE)range: < 4.2.1-11.19.2
- (no CPE)range: < 4.2.1-11.19.2
- (no CPE)range: < 4.2.1-11.19.2
- (no CPE)range: < 2.6.2-41.65.1
- (no CPE)range: < 2.9.1-6.50.1
- (no CPE)range: < 2.9.1-6.50.1
- (no CPE)range: < 2.11.2-5.32.1
- (no CPE)range: < 3.1.1.1-51.1
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 2.11.2-9.46.1
- (no CPE)range: < 2.9.1-6.50.1
- (no CPE)range: < 2.11.2-5.32.1
- (no CPE)range: < 3.1.1.1-51.1
- (no CPE)range: < 2.11.2-9.46.1
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 3.1.1.1-9.27.2
- (no CPE)range: < 2.9.1-6.50.1
- (no CPE)range: < 2.11.2-5.32.1
- (no CPE)range: < 2.9.1-6.50.1
- (no CPE)range: < 2.11.2-5.32.1
- (no CPE)range: < 0.4.7-3.12.1
- (no CPE)range: < 0.4.7-3.12.1
Patches
Vulnerability mechanics
References
10- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/07/msg00020.htmlnvdMailing ListThird Party Advisory
- security.netapp.com/advisory/ntap-20201001-0001/nvdThird Party Advisory
- usn.ubuntu.com/4437-1/nvdThird Party Advisory
- usn.ubuntu.com/4467-1/nvdThird Party Advisory
- www.debian.org/security/2020/dsa-4728nvdMailing ListThird Party Advisory
- www.zerodayinitiative.com/advisories/ZDI-20-1005/nvdThird Party AdvisoryVDB Entry
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/nvd
News mentions
0No linked articles in our index yet.