CVE-2020-1983

Priority
Description
A use after free vulnerability in ip_reass() in ip_input.c of libslirp
4.2.0 and prior releases allows crafted packets to cause a denial of
service.
Assigned-to
mdeslaur
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):released (4.1.0-2ubuntu2)
Ubuntu 20.10 (Groovy Gorilla):released (4.1.0-2ubuntu2)
Patches:
Upstream:https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.5+dfsg-5ubuntu10.44)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:2.11+dfsg-1ubuntu7.26)
Ubuntu 19.10 (Eoan Ermine):released (1:4.0+dfsg-0ubuntu9.6)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (uses system libslirp)
Ubuntu 20.10 (Groovy Gorilla):not-affected (uses system libslirp)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):not-affected (1.0.1-1)
More Information

Updated: 2020-05-21 19:14:29 UTC (commit 1857171283772f1f0527cca8d67d08598c24448e)