CVE-2020-29130
Summary
| CVE | CVE-2020-29130 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-11-26 20:15:00 UTC |
|---|
| Updated | 2023-11-07 03:21:00 UTC |
|---|
| Description | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 33 Update: libslirp-4.3.1-3.fc33 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
Mailing List, Third Party Advisory |
| [Slirp] [PATCH] slirp: check pkt_len before reading protocol header |
MISC |
lists.freedesktop.org |
Exploit, Mailing List, Vendor Advisory |
| [SECURITY] [DLA 3362-1] qemu security update |
MLIST |
lists.debian.org |
|
| [SECURITY] [DLA 2560-1] qemu security update |
MLIST |
lists.debian.org |
Mailing List, Third Party Advisory |
| [SECURITY] Fedora 33 Update: libslirp-4.3.1-3.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 32 Update: libslirp-4.3.1-3.fc32 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
Mailing List, Third Party Advisory |
| [SECURITY] Fedora 32 Update: libslirp-4.3.1-3.fc32 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| oss-security - CVE-2020-29129 CVE-2020-29130 QEMU: slirp: out-of-bounds access
while processing ARP/NCSI packets |
MLIST |
www.openwall.com |
Mailing List, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159456 Oracle Enterprise Linux Security Update for virt:ol and virt-devel:rhel (ELSA-2021-1762)
- 159582 Oracle Enterprise Linux Security Update for qemu (ELSA-2021-9638)
- 159672 Oracle Enterprise Linux Security Update for kvm_utils (ELSA-2022-9172)
- 174920 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1243-1)
- 174921 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1245-1)
- 174922 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1240-1)
- 174923 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1241-1)
- 174924 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1244-1)
- 174926 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1242-1)
- 181630 Debian Security Update for qemu (DLA 3362-1)
- 198431 Ubuntu Security Notification for libslirp vulnerabilities (USN-5009-1)
- 239306 Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2021:1762)
- 352383 Amazon Linux Security Advisory for qemu: ALAS2-2021-1671
- 377413 Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0119)
- 501610 Alpine Linux Security Update for libslirp
- 750097 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1837-1)
- 750120 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1893-1)
- 750124 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1894-1)
- 750129 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1895-1)
- 750138 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1918-1)
- 750149 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1942-1)
- 750152 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:1947-1)
- 750251 OpenSUSE Security Update for qemu (openSUSE-SU-2021:0600-1)
- 750771 OpenSUSE Security Update for qemu (openSUSE-SU-2021:1942-1)
- 750827 OpenSUSE Security Update for qemu (openSUSE-SU-2021:1043-1)
- 751924 OpenSUSE Security Update for slirp4netns (openSUSE-SU-2022:0943-1)
- 753108 SUSE Enterprise Linux Security Update for slirp4netns (SUSE-SU-2022:0943-1)
- 940118 AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2021:1762)
- 960265 Rocky Linux Security Update for virt:rhel and virt-devel:rhel (RLSA-2021:1762)
