PT-2019-5138 · Libslirp+8 · Libslirp+8
Published
2019-08-25
·
Updated
2024-06-15
·
CVE-2019-15890
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
QEMU version 4.1.0
libslirp version 4.0.0
Description
The issue is related to a use-after-free in the
ip reass function in ip input.c, which can lead to a denial of service. This can be exploited by a remote attacker.Recommendations
For QEMU version 4.1.0, consider disabling the
ip reass function as a temporary workaround until a patch is available.
For libslirp version 4.0.0, restrict access to the ip input.c module to minimize the risk of exploitation.Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu
Libslirp