#VU20964 Use-after-free in libslirp


Published: 2019-09-10 | Updated: 2020-04-28

Vulnerability identifier: #VU20964

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15890

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libslirp
Universal components / Libraries / Libraries used by multiple products

Vendor: Freedesktop.org

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists in "ip_reass()" routine in "ip_input.c" file while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A remote attacker can send a specially crafted packet and cause the application to crash.


Mitigation
Install update from vendor's website.

Vulnerable software versions

libslirp: 4.0.0

External links
http://www.openwall.com/lists/oss-security/2019/09/06/3
http://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Amazon Linux AMI update for qemu-kvm
Multiple vulnerabilities in Juniper Junos Space
Amazon Linux AMI update for qemu-kvm
Red Hat Enterprise Linux 8 update for the virt:rhel and virt-devel:rhel modules
Red Hat Enterprise Linux 7 Extras update for slirp4netns
Red Hat Enterprise Linux 6 update for qemu-kvm
CentOS 6 update for qemu-kvm
Debian update for qemu
Ubuntu update for QEMU
OpenSUSE Linux update for qemu