CVE-2020-10756
MEDIUM 6.5
Description
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
CVE details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 7/9/2020
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
canonical:ubuntu_linux
debian:debian_linux
libslirp_project:libslirp
opensuse:leap
redhat:enterprise_linux
redhat:openstack
Weaknesses (CWE)
CWE-125
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html (secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1835986 (secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html (secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/ (secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20201001-0001/ (secalert@redhat.com)
https://usn.ubuntu.com/4437-1/ (secalert@redhat.com)
https://usn.ubuntu.com/4467-1/ (secalert@redhat.com)
https://www.debian.org/security/2020/dsa-4728 (secalert@redhat.com)
https://www.zerodayinitiative.com/advisories/ZDI-20-1005/ (secalert@redhat.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.