// For flags

CVE-2019-14378

QEMU - Denial of Service

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

La función ip_reass en el archivo ip_input.c en libslirp versión 4.0.0, presenta un desbordamiento de búfer en la región heap de la memoria por medio de un paquete largo debido a que maneja inapropiadamente un caso que involucra el primer fragmento.

A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with privileges of the QEMU process.

QEMU suffers from a denial of service vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-07-29 CVE Reserved
  • 2019-07-29 CVE Published
  • 2019-08-20 First Exploit
  • 2024-08-05 CVE Updated
  • 2024-09-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-755: Improper Handling of Exceptional Conditions
  • CWE-787: Out-of-bounds Write
CAPEC
References (30)
URL Tag Source
http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html X_refsource_misc
http://www.openwall.com/lists/oss-security/2019/08/01/2 Mailing List
https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378 X_refsource_misc
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html Mailing List
https://news.ycombinator.com/item?id=20799010 X_refsource_misc
https://seclists.org/bugtraq/2019/Aug/41 Mailing List
https://seclists.org/bugtraq/2019/Sep/3 Mailing List
https://support.f5.com/csp/article/K25423748 X_refsource_confirm
https://support.f5.com/csp/article/K25423748?utm_source=f5support&amp%3Butm_medium=RSS X_refsource_confirm
URL Date SRC
https://www.exploit-db.com/exploits/47320 2019-08-20
URL Date SRC
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210 2023-11-07
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3179 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3403 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3494 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3742 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3787 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3968 2023-11-07
https://access.redhat.com/errata/RHSA-2019:4344 2023-11-07
https://access.redhat.com/errata/RHSA-2020:0366 2023-11-07
https://access.redhat.com/errata/RHSA-2020:0775 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3 2023-11-07
https://usn.ubuntu.com/4191-1 2023-11-07
https://usn.ubuntu.com/4191-2 2023-11-07
https://www.debian.org/security/2019/dsa-4506 2023-11-07
https://www.debian.org/security/2019/dsa-4512 2023-11-07
https://access.redhat.com/security/cve/CVE-2019-14378 2020-06-01
https://bugzilla.redhat.com/show_bug.cgi?id=1734745 2020-06-01
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libslirp Project
Search vendor "Libslirp Project"
 Libslirp
Search vendor "Libslirp Project" for product "Libslirp"
 4.0.0
Search vendor "Libslirp Project" for product "Libslirp" and version "4.0.0"
-
Affected