Description
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages
memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a
heap-based buffer overflow or other out-of-bounds access, which can lead to
a DoS or potentially to arbitrary code execution.
Ubuntu-Description
It was discovered that the SLiRP networking implementation of the QEMU
emulator did not properly manage memory under certain circumstances. An
attacker could use this to cause a heap-based buffer overflow or other
out-of-bounds access, which can lead to a denial of service (application
crash) or potentially to arbitrary code execution.
Notes
mdeslaur | possible better approach would be to disable tcp_emu completely
https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91
Package
Upstream: released (1:4.2-1)
Ubuntu 18.04 LTS: released (1:2.11+dfsg-1ubuntu7.23)
Ubuntu 20.04 LTS: not-affected (uses system libslirp)
Ubuntu 21.10: not-affected (uses system libslirp)
Ubuntu 16.04 ESM: released (1:2.5+dfsg-5ubuntu10.43)
Ubuntu 22.04 LTS: not-affected (uses system libslirp)
Ubuntu 14.04 ESM: needed
Patches:
Package
Upstream: needs-triage
Ubuntu 18.04 LTS: DNE
Ubuntu 20.04 LTS: DNE
Ubuntu 21.10: DNE
Ubuntu 22.04 LTS: DNE
Ubuntu 14.04 ESM: DNE
Patches:
Updated: 2022-04-25 00:50:53 UTC (commit ecc1009cb19540b950de59270950018900f37f15)