CVE-2019-9824

Опубликовано: 03 июн. 2019

Источник: debian

EPSS Низкий

Описание

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

Пакет	Статус	Версия исправления	Релиз	Тип
qemu	fixed	1:3.1+dfsg-6		package
qemu-kvm	removed			package
slirp4netns	fixed	0.3.1-1		package
slirp4netns	fixed	0.2.3-1	buster	package

https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html
https://www.openwall.com/lists/oss-security/2019/03/18/1
https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vp7q-v36g-7vq7

EPSS

Процентиль: 30%

0.00106

Низкий

CVE-2019-9824

CVSS3: 5.5

ubuntu

около 6 лет назад

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

CVE-2019-9824

CVSS3: 2.8

redhat

больше 6 лет назад

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

CVE-2019-9824

CVSS3: 5.5

nvd

около 6 лет назад

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

GHSA-hx33-mww2-6mf5

github

около 3 лет назад

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

ELSA-2019-2078

oracle-oval

почти 6 лет назад

ELSA-2019-2078: qemu-kvm security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 30%

0.00106

Низкий