#VU27389 Use-after-free in libslirp - CVE-2020-1983


| Updated: 2020-11-03

Vulnerability identifier: #VU27389

Vulnerability risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-1983

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
libslirp
Universal components / Libraries / Libraries used by multiple products

Vendor: Freedesktop.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when processing packets within the ip_reass() function in ip_input.c in libslirp. A remote attacker can send a specially crafted packet to the application, trigger a use-after-free error and crash it.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libslirp: 3.0.0 rc0 - 4.2.0

External links
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9ac0371bb8c0a40f5d9f82a1c25129660e81df04
https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Ubuntu update for qemu
Multiple vulnerabilities in Junos Space
Red Hat OpenStack Platform13 update for qemu-kvm-rhev
Red Hat Virtualization update for qemu-kvm-rhev
Red Hat Enterprise Linux 7 update for qemu-kvm-ma
Amazon Linux AMI update for qemu-kvm
Red Hat Enterprise Linux 8 update for the virt:rhel and virt-devel:rhel modules
Red Hat Enterprise Linux 7 update for qemu-kvm
Red Hat Enterprise Linux 8 update for the container-tools:rhel8 module
OpenSUSE Linux update for qemu