ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Libslirp Project
  • Libslirp
Redhat
  • Advanced Virtualization
  • Enterprise Linux
  • Openstack
  • Rhel Eus
  • Rhel Extras Other
  • Rhev Manager

Configuration 1 [-]

cpe:2.3:a:libslirp_project:libslirp:4.0.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Advanced Virtualization for RHEL 8.1.0
virt:8.1-8010020190927171011.cdc1202b cpe:/a:redhat:advanced_virtualization:8.1::el8 RHBA-2019:3723 2019-11-06T00:00:00Z
virt-devel:8.1-8010020190927171011.cdc1202b cpe:/a:redhat:advanced_virtualization:8.1::el8 RHBA-2019:3723 2019-11-06T00:00:00Z
Red Hat Enterprise Linux 6
qemu-kvm-2:0.12.1.2-2.506.el6_10.6 cpe:/o:redhat:enterprise_linux:6 RHSA-2020:0775 2020-03-10T00:00:00Z
Red Hat Enterprise Linux 7
qemu-kvm-ma-10:2.12.0-33.el7_7.1 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:3968 2019-11-26T00:00:00Z
qemu-kvm-10:1.5.3-167.el7_7.4 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:0366 2020-02-04T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
qemu-kvm-ma-10:2.12.0-18.el7_6.6 cpe:/o:redhat:rhel_eus:7.6 RHSA-2020:2065 2020-05-11T00:00:00Z
qemu-kvm-10:1.5.3-160.el7_6.6 cpe:/o:redhat:rhel_eus:7.6 RHSA-2020:2126 2020-05-13T00:00:00Z
Red Hat Enterprise Linux 7 Extras
slirp4netns-0:0.3.0-8.el7_7 cpe:/a:redhat:rhel_extras_other:7 RHSA-2020:0889 2020-03-17T00:00:00Z
Red Hat Enterprise Linux 8
virt-devel:rhel-8000020190828150510.f8e95b4e cpe:/a:redhat:enterprise_linux:8 RHBA-2019:2715 2019-09-12T00:00:00Z
virt:rhel-8000020190828150510.f8e95b4e cpe:/a:redhat:enterprise_linux:8 RHBA-2019:2715 2019-09-12T00:00:00Z
container-tools:rhel8-8010020190927090915.4985cc55 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:3403 2019-11-05T00:00:00Z
container-tools:1.0-8010020190927091243.4985cc55 cpe:/a:redhat:enterprise_linux:8 RHSA-2019:3494 2019-11-05T00:00:00Z
Red Hat OpenStack Platform 10.0 (Newton)
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/a:redhat:openstack:10::el7 RHSA-2019:4344 2019-12-19T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens)
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/a:redhat:openstack:13::el7 RHSA-2019:3787 2019-11-07T00:00:00Z
Red Hat OpenStack Platform 14.0 (Rocky)
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/a:redhat:openstack:14::el7 RHSA-2019:3742 2019-11-06T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:3179 2019-10-23T00:00:00Z
qemu-kvm-rhev-10:2.12.0-44.el7 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2020:1216 2020-03-31T00:00:00Z
Red Hat Virtualization Engine 4.2
qemu-kvm-rhev-10:2.12.0-18.el7_6.11 cpe:/a:redhat:rhev_manager:4.2 RHSA-2020:2342 2020-06-01T00:00:00Z
Red Hat Virtualization Engine 4.3
qemu-kvm-rhev-10:2.12.0-33.el7_7.4 cpe:/a:redhat:rhev_manager:4.3 RHSA-2019:3179 2019-10-23T00:00:00Z
qemu-kvm-rhev-10:2.12.0-44.el7 cpe:/a:redhat:rhev_manager:4.3 RHSA-2020:1216 2020-03-31T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html cve-icon cve-icon
http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/08/01/2 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3179 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3403 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3494 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3742 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3787 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3968 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:4344 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0366 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0775 cve-icon cve-icon
https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/ cve-icon cve-icon
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/ cve-icon cve-icon
https://news.ycombinator.com/item?id=20799010 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-14378 cve-icon
https://seclists.org/bugtraq/2019/Aug/41 cve-icon cve-icon
https://seclists.org/bugtraq/2019/Sep/3 cve-icon cve-icon
https://support.f5.com/csp/article/K25423748 cve-icon cve-icon
https://support.f5.com/csp/article/K25423748?utm_source=f5support&amp%3Butm_medium=RSS cve-icon cve-icon
https://usn.ubuntu.com/4191-1/ cve-icon cve-icon
https://usn.ubuntu.com/4191-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-14378 cve-icon
https://www.debian.org/security/2019/dsa-4506 cve-icon cve-icon
https://www.debian.org/security/2019/dsa-4512 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T00:19:40.277Z

Reserved: 2019-07-29T00:00:00

Link: CVE-2019-14378

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-07-29T11:15:11.577

Modified: 2024-11-21T04:26:37.327

Link: CVE-2019-14378

cve-icon Redhat

Severity : Important

Publid Date: 2019-07-28T00:00:00Z

Links: CVE-2019-14378 - Bugzilla