We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
https://security-tracker.debian.org/tracker/CVE-2020-1983
A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...
https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20
Fixed in libslirp v4.3.0.
Run slirp4netns --version to show the libslirp version linked with your slirp4netns binary.
slirp4netns --version
$ slirp4netns --version slirp4netns version 1.0.0 commit: a3be729152a33e692cd28b52f664defbf2e7810a libslirp: 4.3.0
If your libslirp version is >= 4.3.0, you are not affected. Otherwise you need to update libslirp to v4.3.0, but no need to update slirp4netns.
Fixed in slirp4netns v0.4.5. Statically linked with libslirp v4.3.0. a52e0fe
https://security-tracker.debian.org/tracker/CVE-2020-1983
https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20
Fixed in libslirp v4.3.0.
slirp4netns v1.0.X (dynamically linked with libslirp)
Run
slirp4netns --versionto show the libslirp version linked with your slirp4netns binary.If your libslirp version is >= 4.3.0, you are not affected.
Otherwise you need to update libslirp to v4.3.0, but no need to update slirp4netns.
slirp4netns v0.4.X (statically linked with libslirp)
Fixed in slirp4netns v0.4.5. Statically linked with libslirp v4.3.0.
a52e0fe