CVE-2020-10756
MEDIUM 6.5
Description
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
CVE Details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 7/9/2020
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
canonical:ubuntu_linux
debian:debian_linux
libslirp_project:libslirp
opensuse:leap
redhat:enterprise_linux
redhat:openstack
Weaknesses (CWE)
CWE-125
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html (secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1835986 (secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html (secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/ (secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20201001-0001/ (secalert@redhat.com)
https://usn.ubuntu.com/4437-1/ (secalert@redhat.com)
https://usn.ubuntu.com/4467-1/ (secalert@redhat.com)
https://www.debian.org/security/2020/dsa-4728 (secalert@redhat.com)
https://www.zerodayinitiative.com/advisories/ZDI-20-1005/ (secalert@redhat.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.