rpm package
opensuse/slirp4netns&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/slirp4netns&distro=openSUSE%20Leap%2015.1
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-10756 | — | < 0.4.7-lp151.2.12.1 | 0.4.7-lp151.2.12.1 | Jul 9, 2020 | An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of | ||
| CVE-2020-1983 | — | < 0.4.5-lp151.2.9.1 | 0.4.5-lp151.2.9.1 | Apr 22, 2020 | A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. | ||
| CVE-2019-10152 | — | < 0.3.0-lp151.2.3.1 | 0.3.0-lp151.2.3.1 | Jul 30, 2019 | A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator trie | ||
| CVE-2018-15664 | — | < 0.3.0-lp151.2.3.1 | 0.3.0-lp151.2.3.1 | May 23, 2019 | In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do | ||
| CVE-2019-6778 | — | < 0.3.0-lp151.2.3.1 | 0.3.0-lp151.2.3.1 | Mar 17, 2019 | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. |
- CVE-2020-10756Jul 9, 2020affected < 0.4.7-lp151.2.12.1fixed 0.4.7-lp151.2.12.1
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of
- CVE-2020-1983Apr 22, 2020affected < 0.4.5-lp151.2.9.1fixed 0.4.5-lp151.2.9.1
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
- CVE-2019-10152Jul 30, 2019affected < 0.3.0-lp151.2.3.1fixed 0.3.0-lp151.2.3.1
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator trie
- CVE-2018-15664May 23, 2019affected < 0.3.0-lp151.2.3.1fixed 0.3.0-lp151.2.3.1
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do
- CVE-2019-6778Mar 17, 2019affected < 0.3.0-lp151.2.3.1fixed 0.3.0-lp151.2.3.1
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.