← Back to CVEs
CVE-2020-10756
MEDIUM6.5
Description
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
CVE Details
CVSS v3.1 Score6.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published7/9/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
canonical:ubuntu_linuxdebian:debian_linuxlibslirp_project:libslirpopensuse:leapredhat:enterprise_linuxredhat:openstack
Weaknesses (CWE)
CWE-125
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1835986(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20201001-0001/(secalert@redhat.com)
https://usn.ubuntu.com/4437-1/(secalert@redhat.com)
https://usn.ubuntu.com/4467-1/(secalert@redhat.com)
https://www.debian.org/security/2020/dsa-4728(secalert@redhat.com)
https://www.zerodayinitiative.com/advisories/ZDI-20-1005/(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1835986(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20201001-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4437-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4467-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4728(af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-20-1005/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.