[ASA-202012-7] libslirp: information disclosure
Remi Gacogne
rgacogne at archlinux.org
Wed Dec 9 18:58:38 UTC 2020
Arch Linux Security Advisory ASA-202012-7
=========================================
Severity: Medium
Date : 2020-12-05
CVE-ID : CVE-2020-29129 CVE-2020-29130
Package : libslirp
Type : information disclosure
Remote : No
Link : https://security.archlinux.org/AVG-1305
Summary
=======
The package libslirp before version 4.4.0-1 is vulnerable to
information disclosure.
Resolution
==========
Upgrade to 4.4.0-1.

# pacman -Syu "libslirp>=4.4.0-1"

The problems have been fixed upstream in version 4.4.0.
Workaround
==========
None.
Description
===========
- CVE-2020-29129 (information disclosure)

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it
tries to read a certain amount of header data even if that exceeds the
total packet length. A privileged guest user may use this flaw to
potentially leak host information bytes.

- CVE-2020-29130 (information disclosure)

slirp.c in libslirp through 4.3.1 has a buffer over-read because it
tries to read a certain amount of header data even if that exceeds the
total packet length. A privileged guest user may use this flaw to
potentially leak host information bytes.
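
Both issues are the same defect class: a handler reads its protocol header
without first comparing the header size against the length of the frame that
was actually received. The C code below is an added example, not libslirp's
code and not part of the original advisory; the function names and the two
header sizes are assumptions chosen for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN     14     /* dst MAC + src MAC + EtherType */
#define ETH_P_ARP    0x0806
#define ETH_P_NCSI   0x88F8
#define ARP_HDR_LEN  28     /* assumed size for this example */
#define NCSI_HDR_LEN 16     /* assumed size for this example */

/* Header bytes the handler for this EtherType reads; 0 means no handler. */
static size_t proto_hdr_len(uint16_t ethertype)
{
    switch (ethertype) {
    case ETH_P_ARP:  return ARP_HDR_LEN;
    case ETH_P_NCSI: return NCSI_HDR_LEN;
    default:         return 0;
    }
}

/* Returns 1 only if the frame holds the full header its handler will read. */
int frame_is_parseable(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt == NULL || pkt_len < ETH_HLEN)
        return 0;                       /* EtherType itself not present */
    uint16_t proto = (uint16_t)((pkt[12] << 8) | pkt[13]);
    size_t need = proto_hdr_len(proto);
    if (need == 0)
        return 0;                       /* unhandled protocol: drop */
    /* Compare against the length actually received, never a fixed size. */
    return pkt_len >= ETH_HLEN + need;
}

/* Constructed input: a zeroed frame of pkt_len bytes with the given EtherType. */
int check_len(uint16_t ethertype, size_t pkt_len)
{
    uint8_t frame[64] = {0};
    if (pkt_len > sizeof(frame))
        return -1;
    frame[12] = (uint8_t)(ethertype >> 8);
    frame[13] = (uint8_t)(ethertype & 0xff);
    return frame_is_parseable(frame, pkt_len);
}

int main(void)
{
    printf("NCSI, 29 bytes: %d\n", check_len(ETH_P_NCSI, 29));
    printf("NCSI, 30 bytes: %d\n", check_len(ETH_P_NCSI, 30));
    printf("ARP,  41 bytes: %d\n", check_len(ETH_P_ARP, 41));
    printf("ARP,  42 bytes: %d\n", check_len(ETH_P_ARP, 42));
    return 0;
}
```

A frame one byte short of Ethernet header plus protocol header is dropped
before any handler touches it, so no bytes past the received data are read.
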
Impact
======
A privileged guest user may be able to access sensitive information
from the host memory.
References
==========
https://www.openwall.com/lists/oss-security/2020/11/27/1
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=37c0c885d19a4c2d69faed891b5c02aaffbdccfb
https://security.archlinux.org/CVE-2020-29129
https://security.archlinux.org/CVE-2020-29130