Multiple vulnerabilities in libslirp
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-8608 CVE-2020-7211 CVE-2020-7039 |
| CWE-ID | CWE-119 CWE-22 CWE-122 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
libslirp Universal components / Libraries / Libraries used by multiple products |
| Vendor | Freedesktop.org |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
Updated: 28.04.2020
Changed bulletin status to patched.
1) Buffer overflow
EUVDB-ID: #VU25456
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-8608
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within tcp_subr.c file in libslirp. A local user can pass specially crafted data to the application that is using the affected version of library, trigger memory corruption and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionslibslirp: 4.1.0
CPE2.3 External linkshttp://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0
http://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
http://www.openwall.com/lists/oss-security/2020/02/06/2
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Path traversal
EUVDB-ID: #VU25457
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-7211
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within tftp.c in libslirp. A remote attacker can send a specially crafted TFPT request and read arbitrary files on the Windows system.
MitigationInstall update from vendor's website.
Vulnerable software versionslibslirp: 4.1.0
CPE2.3 External linkshttp://www.openwall.com/lists/oss-security/2020/01/17/2
http://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
http://security-tracker.debian.org/tracker/CVE-2020-7211
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Heap-based buffer overflow
EUVDB-ID: #VU25458
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-7039
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the tcp_emu() function in tcp_subr.c in libslirp. An attacker can issue specially crafted IRC DCC commands in EMU_IRC, trigger heap-based buffer overflow and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionslibslirp: 4.1.0
CPE2.3 External linkshttp://www.openwall.com/lists/oss-security/2020/01/16/2
http://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
http://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
http://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
http://lists.debian.org/debian-lts-announce/2020/01/msg00022.html
http://lists.debian.org/debian-lts-announce/2020/01/msg00036.html
http://seclists.org/bugtraq/2020/Feb/0
http://www.debian.org/security/2020/dsa-4616
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
