Multiple vulnerabilities in libslirp
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-8608 CVE-2020-7211 CVE-2020-7039 |
| CWE-ID | CWE-119 CWE-22 CWE-122 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
libslirp Universal components / Libraries / Libraries used by multiple products |
| Vendor | Freedesktop.org |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
Updated: 28.04.2020
Changed bulletin status to patched.
1) Buffer overflow
EUVDB-ID: #VU25456
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8608
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within tcp_subr.c file in libslirp. A local user can pass specially crafted data to the application that is using the affected version of library, trigger memory corruption and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionslibslirp: 4.1.0
CPE2.3 External linkshttps://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0
https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
https://www.openwall.com/lists/oss-security/2020/02/06/2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU25457
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-7211
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within tftp.c in libslirp. A remote attacker can send a specially crafted TFPT request and read arbitrary files on the Windows system.
MitigationInstall update from vendor's website.
Vulnerable software versionslibslirp: 4.1.0
CPE2.3 External linkshttps://www.openwall.com/lists/oss-security/2020/01/17/2
https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
https://security-tracker.debian.org/tracker/CVE-2020-7211
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU25458
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-7039
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the tcp_emu() function in tcp_subr.c in libslirp. An attacker can issue specially crafted IRC DCC commands in EMU_IRC, trigger heap-based buffer overflow and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionslibslirp: 4.1.0
CPE2.3 External linkshttps://www.openwall.com/lists/oss-security/2020/01/16/2
https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html
https://seclists.org/bugtraq/2020/Feb/0
https://www.debian.org/security/2020/dsa-4616
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
