CVE-2020-1983

Опубликовано: 22 апр. 2020

Источник: debian

EPSS Низкий

Описание

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

Пакет	Статус	Версия исправления	Релиз	Тип
qemu	fixed	1:4.1-2		package
qemu-kvm	removed			package
libslirp	fixed	4.2.0-2		package
slirp4netns	fixed	1.0.1-1		package
slirp4netns	no-dsa		buster	package

https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d
qemu 1:4.1-2 switched to system libslirp, marking that version as fixed
slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99

EPSS

Процентиль: 35%

0.00141

Низкий

CVE-2020-1983

CVSS3: 7.5

ubuntu

около 5 лет назад

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

CVE-2020-1983

CVSS3: 6.5

redhat

около 5 лет назад

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

CVE-2020-1983

CVSS3: 7.5

nvd

около 5 лет назад

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

openSUSE-SU-2020:0756-1

suse-cvrf

около 5 лет назад

Security update for qemu

openSUSE-SU-2020:0636-1

suse-cvrf

около 5 лет назад

Security update for slirp4netns

EPSS

Процентиль: 35%

0.00141

Низкий