#VU25458 Heap-based buffer overflow in libslirp - CVE-2020-7039
Published: February 19, 2020 / Updated: April 28, 2020
Vulnerability identifier: #VU25458
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7039
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
libslirp
libslirp
Software vendor:
Freedesktop.org
Freedesktop.org
Description
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the tcp_emu() function in tcp_subr.c in libslirp. An attacker can issue specially crafted IRC DCC commands in EMU_IRC, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
External links
- http://www.openwall.com/lists/oss-security/2020/01/16/2
- https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
- https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
- https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
- https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html
- https://seclists.org/bugtraq/2020/Feb/0
- https://www.debian.org/security/2020/dsa-4616