PT-2019-5138 · Libslirp+8 · Libslirp+8
Publicado
2019-08-25
·
Atualizado
2024-06-15
·
CVE-2019-15890
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
QEMU version 4.1.0
libslirp version 4.0.0
Description
The issue is related to a use-after-free in the
ip reass function in ip input.c, which can lead to a denial of service. This can be exploited by a remote attacker.Recommendations
For QEMU version 4.1.0, consider disabling the
ip reass function as a temporary workaround until a patch is available.
For libslirp version 4.0.0, restrict access to the ip input.c module to minimize the risk of exploitation.Correção
Use After Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Almalinux
Centos
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu
Libslirp