libslirp
by libslirp
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14378 | Hig | 0.62 | 8.8 | 0.17 | Jul 29, 2019 | ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. | ||
| CVE-2020-8608 | Med | 0.37 | 5.6 | 0.02 | Feb 6, 2020 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | ||
| CVE-2020-29130 | Med | 0.28 | 4.3 | 0.02 | Nov 26, 2020 | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||
| CVE-2020-29129 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2020 | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||
| CVE-2020-1983 | Hig | 0.00 | 7.5 | 0.02 | Apr 22, 2020 | A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. |
- risk 0.62cvss 8.8epss 0.17
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
- risk 0.37cvss 5.6epss 0.02
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
- risk 0.28cvss 4.3epss 0.02
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
- risk 0.28cvss 4.3epss 0.01
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
- risk 0.00cvss 7.5epss 0.02
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.