CVE-2019-6778 buffer overflow (QEMU)

High
AkihiroSuda published GHSA-j2r5-xwp8-m8m9 Aug 9, 2019 · 1 comment

Package

slirp4netns

Affected versions

v0.2.0, v0.3.0-alpha.1, and prior versions

Patched versions

v0.2.1, v0.3.0-alpha.2, and later

Description

Impact

https://security-tracker.debian.org/tracker/CVE-2019-6778

In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

QEMU is known to be escapable by exploiting this vulnerability, and rootless containers can probably be compromised as well.

Patches

On upstream QEMU, the vulnerability was fixed on Jan 14, 2019: qemu/qemu@a7104ed#diff-5fc9b1ec366ced0ecf3cdfd4b142add5

The fix was applied to slirp4netns in:

  • 9341687 (Jan 26, 2019; included in v0.2.1)
  • d781170 (Jan 26, 2019; included in v0.3.0-alpha.2)
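
An added example, not part of the advisory or the slirp4netns project: a check that classifies a slirp4netns version string against the affected and patched versions listed above. The name `classify`, the `beta`/`rc` stage names and the sample strings are assumptions made for illustration; any string the advisory's version scheme does not cover (such as one with a build suffix) is reported as unknown rather than guessed.

```python
import re

# Versions named in the advisory.
FIXED_STABLE = (0, 2, 1)       # v0.2.1 carries the fix
PRE_LINE = (0, 3, 0)           # v0.3.0 pre-release line
FIXED_PRE = (0, 2)             # alpha.2 carries the fix (stage rank 0 = alpha)
# Assumption: later pre-release stages, if any, would be named beta and rc.
STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2}

# Strict pattern: anything else (build suffixes, distro revisions) is "unknown".
_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)\.(\d+))?")


def classify(version: str) -> str:
    """Return 'affected', 'patched' or 'unknown' for a slirp4netns version."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        return "unknown"
    core = tuple(int(part) for part in m.group(1, 2, 3))
    stage, number = m.group(4), m.group(5)
    if stage is not None:
        if core == PRE_LINE:
            # 0.3.0 pre-releases: fixed from alpha.2 onwards.
            rank = (STAGE_RANK[stage], int(number))
            return "affected" if rank < FIXED_PRE else "patched"
        if core == FIXED_STABLE:
            # A pre-release of the fixed version is not covered by the advisory.
            return "unknown"
    # Stable releases (and pre-releases of other versions) compare on the core.
    return "affected" if core < FIXED_STABLE else "patched"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("v0.2.0", "v0.2.1", "v0.3.0-alpha.1", "v0.3.0-alpha.2",
                   "0.3.0-alpha.1+dev"):
        print(f"{sample:20} {classify(sample)}")
```

A distribution package may backport the fix without changing the upstream version number, so an "affected" result for a packaged build should be confirmed against the distributor's changelog.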

Severity

High

CVE ID

CVE-2019-6778

Weaknesses

No CWEs