SB2020021193 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.3 packages
Published: February 11, 2020 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2020-7039)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the tcp_emu() function in tcp_subr.c in libslirp. An attacker can issue specially crafted IRC DCC commands in EMU_IRC, trigger heap-based buffer overflow and execute arbitrary code on the target system.
2) Path traversal (CVE-ID: CVE-2020-7211)
The vulnerability allows an attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within tftp.c in libslirp. A remote attacker can send a specially crafted TFPT request and read arbitrary files on the Windows system.
Remediation
Install update from vendor's website.