PublicDateAtUSN: 2020-11-26 20:15:00 UTC
Candidate: CVE-2020-29130
PublicDate: 2020-11-26 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29130
 https://lists.freedesktop.org/archives/slirp/2020-November/000115.html
 http://www.openwall.com/lists/oss-security/2020/11/27/1
 https://ubuntu.com/security/notices/USN-5009-1
Description:
 slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries
 to read a certain amount of header data even if that exceeds the total
 packet length.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by: Qiuhao Li
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise/esm_qemu-kvm: not-affected (code not present)
trusty_qemu-kvm: DNE
trusty/esm_qemu-kvm: DNE
xenial_qemu-kvm: DNE
bionic_qemu-kvm: DNE
focal_qemu-kvm: DNE
groovy_qemu-kvm: DNE
hirsute_qemu-kvm: DNE
impish_qemu-kvm: DNE
jammy_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu:
upstream_qemu: needs-triage
precise/esm_qemu: DNE
trusty_qemu: ignored (out of standard support)
trusty/esm_qemu: not-affected (code not present)
xenial_qemu: not-affected (code not present)
esm-infra/xenial_qemu: not-affected (code not present)
bionic_qemu: not-affected (code not present)
focal_qemu: not-affected (uses system libslirp)
groovy_qemu: not-affected (uses system libslirp)
hirsute_qemu: not-affected (uses system libslirp)
impish_qemu: not-affected (uses system libslirp)
jammy_qemu: not-affected (uses system libslirp)
devel_qemu: not-affected (uses system libslirp)

Patches_libslirp:
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f
upstream_libslirp: released (4.4.0-1)
precise/esm_libslirp: DNE
trusty_libslirp: ignored (out of standard support)
trusty/esm_libslirp: DNE
xenial_libslirp: DNE
bionic_libslirp: DNE
focal_libslirp: released (4.1.0-2ubuntu2.2)
groovy_libslirp: released (4.3.1-1ubuntu0.1)
hirsute_libslirp: not-affected (4.4.0-1)
impish_libslirp: not-affected (4.4.0-1)
jammy_libslirp: not-affected (4.4.0-1)
devel_libslirp: not-affected (4.4.0-1)