ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.09069.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

cpe:2.3:a:libslirp_project:libslirp:4.0.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Advanced Virtualization for RHEL 8.1.0
virt:8.1-8010020190927171011.cdc1202b cpe:/a:redhat:advanced_virtualization:8.1::el8 RHBA-2019:3723 2019-11-06T00:00:00Z
virt-devel:8.1-8010020190927171011.cdc1202b cpe:/a:redhat:advanced_virtualization:8.1::el8 RHBA-2019:3723 2019-11-06T00:00:00Z
Red Hat Enterprise Linux 6
qemu-kvm-2:0.12.1.2-2.506.el6_10.6 cpe:/o:redhat:enterprise_linux:6 RHSA-2020:0775 2020-03-10T00:00:00Z
Red Hat Enterprise Linux 7
qemu-kvm-ma-10:2.12.0-33.el7_7.1 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:3968 2019-11-26T00:00:00Z
qemu-kvm-10:1.5.3-167.el7_7.4 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:0366 2020-02-04T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
qemu-kvm-ma-10:2.12.0-18.el7_6.6 cpe:/o:redhat:rhel_eus:7.6 RHSA-2020:2065 2020-05-11T00:00:00Z
qemu-kvm-10:1.5.3-160.el7_6.6 cpe:/o:redhat:rhel_eus:7.6 RHSA-2020:2126 2020-05-13T00:00:00Z
Red Hat Enterprise Linux 7 Extras
slirp4netns-0:0.3.0-8.el7_7 cpe:/a:redhat:rhel_extras_other:7 RHSA-2020:0889 2020-03-17T00:00:00Z
Red Hat Enterprise Linux 8
virt-devel:rhel-8000020190828150510.f8e95b4e cpe:/a:redhat:enterprise_linux:8 RHBA-2019:2715 2019-09-12T00:00:00Z
virt:rhel-8000020190828150510.f8e95b4e cpe:/a:redhat:enterprise_linux:8 RHBA-2019:2715 2019-09-12T00:00:00Z
container-tools:rhel8-8010020190927090915.4985cc55 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:3403 2019-11-05T00:00:00Z
container-tools:1.0-8010020190927091243.4985cc55 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:3494 2019-11-05T00:00:00Z
Red Hat OpenStack Platform 10.0 (Newton)
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/a:redhat:openstack:10::el7 RHSA-2019:4344 2019-12-19T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens)
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/a:redhat:openstack:13::el7 RHSA-2019:3787 2019-11-07T00:00:00Z
Red Hat OpenStack Platform 14.0 (Rocky)
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/a:redhat:openstack:14::el7 RHSA-2019:3742 2019-11-06T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:3179 2019-10-23T00:00:00Z
qemu-kvm-rhev-10:2.12.0-44.el7 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2020:1216 2020-03-31T00:00:00Z
Red Hat Virtualization Engine 4.2
qemu-kvm-rhev-10:2.12.0-18.el7_6.11 cpe:/a:redhat:rhev_manager:4.2 RHSA-2020:2342 2020-06-01T00:00:00Z
Red Hat Virtualization Engine 4.3
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/a:redhat:rhev_manager:4.3 RHSA-2019:3179 2019-10-23T00:00:00Z
qemu-kvm-rhev-10:2.12.0-44.el7 cpe:/a:redhat:rhev_manager:4.3 RHSA-2020:1216 2020-03-31T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Libslirp Project Subscribe
Libslirp Subscribe
Redhat Subscribe
Advanced Virtualization Subscribe
Enterprise Linux Subscribe
Openstack Subscribe
Rhel Eus Subscribe
Rhel Extras Other Subscribe
Rhev Manager Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-1927-1 qemu security update
Debian DSA Debian DSA DSA-4506-1 qemu security update
Debian DSA Debian DSA DSA-4512-1 qemu security update
EUVD EUVD EUVD-2019-5587 ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
Ubuntu USN Ubuntu USN USN-4191-1 QEMU vulnerabilities
Ubuntu USN Ubuntu USN USN-4191-2 QEMU vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html cve-icon cve-icon
http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/08/01/2 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3179 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3403 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3494 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3742 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3787 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3968 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:4344 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0366 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0775 cve-icon cve-icon
https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/ cve-icon cve-icon
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/ cve-icon cve-icon
https://news.ycombinator.com/item?id=20799010 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-14378 cve-icon
https://seclists.org/bugtraq/2019/Aug/41 cve-icon cve-icon
https://seclists.org/bugtraq/2019/Sep/3 cve-icon cve-icon
https://support.f5.com/csp/article/K25423748 cve-icon cve-icon
https://support.f5.com/csp/article/K25423748?utm_source=f5support&amp%3Butm_medium=RSS cve-icon cve-icon
https://usn.ubuntu.com/4191-1/ cve-icon cve-icon
https://usn.ubuntu.com/4191-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-14378 cve-icon
https://www.debian.org/security/2019/dsa-4506 cve-icon cve-icon
https://www.debian.org/security/2019/dsa-4512 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T00:19:40.277Z

Reserved: 2019-07-29T00:00:00

Link: CVE-2019-14378

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-07-29T11:15:11.577

Modified: 2024-11-21T04:26:37.327

Link: CVE-2019-14378

cve-icon Redhat

Severity : Important

Publid Date: 2019-07-28T00:00:00Z

Links: CVE-2019-14378 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses