PT-2019-3474 · Oracle+8 · Virtualbox+9

Stefanha · Published 2019-07-28 · Updated 2024-06-15 · CVE-2019-14378

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libslirp version 4.0.0

Description

The issue is related to a heap-based buffer overflow in the ip_reass function of the libslirp library, which can be exploited by a remote attacker to gain unauthorized access to information, cause a denial of service, or impact the availability of information. This problem affects QEMU, systems using KVM in Usermode, Virtualbox, and applications that use the libSLIRP network stack.

Recommendations

For libslirp version 4.0.0, consider disabling the ip_reass function in the ip_input.c file as a temporary workaround until a patch is available. Restrict access to the vulnerable libslirp library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Handling of Exceptional Conditions

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2019:3403
ALSA-2019:3494
BDU:2019-03648
CESA-2019_3403
CESA-2019_3494
CESA-2020_0366
CESA-2020_0775
CVE-2019-14378
DLA-1927-1
DSA-4506-1
DSA-4512-1
OPENSUSE-SU-2019:2041-1
OPENSUSE-SU-2019:2059-1
OPENSUSE-SU-2019:2510-1
OPENSUSE-SU-2019_2041-1
OPENSUSE-SU-2019_2059-1
OPENSUSE-SU-2019_2510-1
OPENSUSE-SU-2024:11287-1
RHSA-2019:3179
RHSA-2019:3403
RHSA-2019:3494
RHSA-2019:3742
RHSA-2019:3787
RHSA-2019:3968
RHSA-2019:4344
RHSA-2019_3403
RHSA-2019_3494
RHSA-2019_3968
RHSA-2020:0366
RHSA-2020:0775
RHSA-2020:0889
RHSA-2020:1216
RHSA-2020:2065
RHSA-2020:2126
RHSA-2020:2342
RHSA-2020_0366
RHSA-2020_0775
RLSA-2019:3403
RLSA-2019:3494
SUSE-SU-2019:14151-1
SUSE-SU-2019:14199-1
SUSE-SU-2019:14201-1
SUSE-SU-2019:2157-1
SUSE-SU-2019:2192-1
SUSE-SU-2019:2221-1
SUSE-SU-2019:2246-1
SUSE-SU-2019:2353-1
SUSE-SU-2019:2753-1
SUSE-SU-2019:2769-1
SUSE-SU-2019:2783-1
SUSE-SU-2019:2955-1
SUSE-SU-2019_14151-1
SUSE-SU-2019_14199-1
SUSE-SU-2020:0388-1
USN-4191-1
USN-4191-2

Affected Products

Almalinux
Centos
Kvm
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu
Virtualbox
Libslirp