CVE-2019-15890
QEMU: Slirp: use-after-free during packet reassembly
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
libslirp versión 4.0.0, como es usado en QEMU versión 4.1.0, presenta un uso de la memoria previamente liberada en la función ip_reass en el archivo ip_input.c.
A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-09-03 CVE Reserved
- 2019-09-06 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html | Mailing List |
|
| https://seclists.org/bugtraq/2020/Feb/0 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/09/06/3 | 2019-09-20 | |
| https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943 | 2019-09-20 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html | 2019-09-20 | |
| https://access.redhat.com/errata/RHSA-2020:0775 | 2019-09-20 | |
| https://usn.ubuntu.com/4191-1 | 2019-09-20 | |
| https://usn.ubuntu.com/4191-2 | 2019-09-20 | |
| https://www.debian.org/security/2020/dsa-4616 | 2019-09-20 | |
| https://access.redhat.com/security/cve/CVE-2019-15890 | 2020-11-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1749716 | 2020-11-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libslirp Project Search vendor "Libslirp Project" | Libslirp Search vendor "Libslirp Project" for product "Libslirp" | 4.0.0 Search vendor "Libslirp Project" for product "Libslirp" and version "4.0.0" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 4.1.0 Search vendor "Qemu" for product "Qemu" and version "4.1.0" | - |
Affected
| ||||||