CVE-2020-10756
MEDIUM 6.5
Description
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
CVE details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 7/9/2020
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
canonical:ubuntu_linux
debian:debian_linux
libslirp_project:libslirp
opensuse:leap
redhat:enterprise_linux
redhat:openstack
Weaknesses (CWE)
CWE-125
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html (secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1835986 (secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html (secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/ (secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20201001-0001/ (secalert@redhat.com)
https://usn.ubuntu.com/4437-1/ (secalert@redhat.com)
https://usn.ubuntu.com/4467-1/ (secalert@redhat.com)
https://www.debian.org/security/2020/dsa-4728 (secalert@redhat.com)
https://www.zerodayinitiative.com/advisories/ZDI-20-1005/ (secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1835986 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20201001-0001/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4437-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4467-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4728 (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-20-1005/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.