{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-09T23:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openwall.com/lists/oss-security/2020/01/16/2"}, {"name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2076-1] slirp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html"}, {"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2090-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html"}, {"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"name": "DSA-4616", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4616"}, {"name": "RHSA-2020:0348", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0348"}, {"name": "USN-4283-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4283-1/"}, {"name": "RHSA-2020:0775", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0775"}, {"name": "openSUSE-SU-2020:0468", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"}, {"name": "GLSA-202005-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202005-02"}, {"name": "[debian-lts-announce] 20210209 [SECURITY] [DLA 2551-1] slirp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7039", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"}, {"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"}, {"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289"}, {"name": "http://www.openwall.com/lists/oss-security/2020/01/16/2", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2020/01/16/2"}, {"name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2076-1] slirp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html"}, {"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2090-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html"}, {"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"name": "DSA-4616", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4616"}, {"name": "RHSA-2020:0348", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0348"}, {"name": "USN-4283-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4283-1/"}, {"name": "RHSA-2020:0775", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0775"}, {"name": "openSUSE-SU-2020:0468", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"}, {"name": "GLSA-202005-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202005-02"}, {"name": "[debian-lts-announce] 20210209 [SECURITY] [DLA 2551-1] slirp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:18:02.717Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/01/16/2"}, {"name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2076-1] slirp security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html"}, {"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2090-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html"}, {"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"name": "DSA-4616", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4616"}, {"name": "RHSA-2020:0348", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0348"}, {"name": "USN-4283-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4283-1/"}, {"name": "RHSA-2020:0775", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0775"}, {"name": "openSUSE-SU-2020:0468", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"}, {"name": "GLSA-202005-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202005-02"}, {"name": "[debian-lts-announce] 20210209 [SECURITY] [DLA 2551-1] slirp security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7039", "datePublished": "2020-01-16T22:51:40", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2024-08-04T09:18:02.717Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libslirp_project:libslirp:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3679E165-A6B7-41B5-AC02-F38A00DAFD78", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B224F3C1-3F8B-4178-82B1-4264C1811A0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code."}, {"lang": "es", "value": "El archivo tcp_emu en tcp_subr.c en libslirp versi\u00f3n 4.1.0, como es usado en QEMU versi\u00f3n 4.2.0, administra inapropiadamente la memoria, como es demostrado por los comandos IRC DCC en EMU_IRC. Esto puede causar un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria u otro acceso fuera de l\u00edmites que puede conllevar a una DoS o un c\u00f3digo arbitrario de ejecuci\u00f3n potencial."}], "id": "CVE-2020-7039", "lastModified": "2024-11-21T05:36:32.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-16T23:15:12.190", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/01/16/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0348"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0775"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202005-02"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4283-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/01/16/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0348"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202005-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4283-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4616"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Vishnu Dev TJ for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:1261", "cpe": "cpe:/a:redhat:advanced_virtualization:8.1::el8", "package": "virt:8.1-8010120200304224358.5db1954d", "product_name": "Advanced Virtualization for RHEL 8.1.1", "release_date": "2020-04-01T00:00:00Z"}, {"advisory": "RHSA-2020:1261", "cpe": "cpe:/a:redhat:advanced_virtualization:8.1::el8", "package": "virt-devel:8.1-8010120200304224358.5db1954d", "product_name": "Advanced Virtualization for RHEL 8.1.1", "release_date": "2020-04-01T00:00:00Z"}, {"advisory": "RHSA-2020:0775", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "qemu-kvm-2:0.12.1.2-2.506.el6_10.6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-03-10T00:00:00Z"}, {"advisory": "RHSA-2020:1116", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-10:1.5.3-173.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2020:1150", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-ma-10:2.12.0-44.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2020:1351", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "qemu-kvm-10:1.5.3-167.el7_7.6", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1352", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "qemu-kvm-ma-10:2.12.0-33.el7_7.3", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:0889", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "slirp4netns-0:0.3.0-8.el7_7", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0348", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8010120200116121758.53d07e52", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-02-04T00:00:00Z"}, {"advisory": "RHSA-2020:1358", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt-devel:rhel-8010020200304114113.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1358", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt:rhel-8010020200304114113.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1360", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:1.0-8010020200206144344.c294d161", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1344", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "virt:rhel-8000020200305185300.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHBA-2020:0390", "cpe": "cpe:/a:redhat:openshift:4.3::el8", "package": "slirp4netns-0:0.4.2-3.git21fdece.el8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-02-12T00:00:00Z"}, {"advisory": "RHSA-2020:1300", "cpe": "cpe:/a:redhat:openstack:10::el7", "impact": "low", "package": "qemu-kvm-rhev-10:2.12.0-33.el7_7.10", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2020-04-02T00:00:00Z"}, {"advisory": "RHSA-2020:1296", "cpe": "cpe:/a:redhat:openstack:13::el7", "impact": "low", "package": "qemu-kvm-rhev-10:2.12.0-44.el7", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2020-04-02T00:00:00Z"}, {"advisory": "RHSA-2020:2730", "cpe": "cpe:/a:redhat:openstack:13::el7", "impact": "low", "package": "qemu-kvm-rhev-10:2.12.0-44.el7_8.1", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2020-06-24T00:00:00Z"}, {"advisory": "RHSA-2020:2730", "cpe": "cpe:/a:redhat:openstack:13::el7", "impact": "low", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.11", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2020-06-24T00:00:00Z"}, {"advisory": "RHSA-2020:2342", "cpe": "cpe:/a:redhat:rhev_manager:4.2", "package": "qemu-kvm-rhev-10:2.12.0-18.el7_6.11", "product_name": "Red Hat Virtualization Engine 4.2", "release_date": "2020-06-01T00:00:00Z"}], "bugzilla": {"description": "QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()", "id": "1791551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791551"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-122", "details": ["tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.", "A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while emulating IRC and other protocols. An attacker could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process."], "mitigation": {"lang": "en:us", "value": "This issue can only be resolved by applying updates.\nMitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-7039", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}], "public_date": "2020-01-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-7039\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7039"], "statement": "This issue affects user-mode or SLiRP networking implementation of the QEMU emulator. Though qemu-kvm package is built with SLiRP networking support, due to its limitations, it is not used by the virtual machine guests by default.\nThis issue affects versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 5, 6, 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 6, 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8 may address this issue.\nRed Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This issue is currently not planned to be addressed in its future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat OpenStack Platform: \n* This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable.", "threat_severity": "Important", "upstream_fix": "libslirp 4.2.0"}