CVE-2019-9824

Summary

CVE	CVE-2019-9824
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-06-03 21:29:00 UTC
Updated	2023-11-07 03:13:00 UTC
Description	tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

Risk And Classification

Problem Types: CWE-908

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Qemu	Qemu	3.0.0	All	All	All
Application	Qemu	Qemu	3.0.0	All	All	All

References

Reference	Source	Link	Tags
Re: [Qemu-devel] [PATCH] slirp: check sscanf result when emulating ident	MISC	lists.gnu.org	Patch, Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com
[SECURITY] Fedora 30 Update: qemu-3.1.0-9.fc30 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Red Hat Customer Portal	REDHAT	access.redhat.com
[SECURITY] Fedora 30 Update: qemu-3.1.0-9.fc30 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Red Hat Customer Portal	REDHAT	access.redhat.com
Red Hat Customer Portal	REDHAT	access.redhat.com
Red Hat Customer Portal	REDHAT	access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159660 Oracle Enterprise Linux Security Update for virt:ol (ELSA-2019-3345)
377373 Alibaba Cloud Linux Security Update for virt:rhel (ALINUX3-SA-2022:0074)
378240 Virtuozzo Linux Security Update for qemu-guest-agent (VZLSA-2019:1650)
710160 Gentoo Linux QEMU Multiple vulnerabilities (GLSA 201904-25)
940336 AlmaLinux Security Update for virt:rhel (ALSA-2019:3345)
960798 Rocky Linux Security Update for virt:rhel (RLSA-2019:3345)