CVE-2019-15890 - OpenCVE

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Libslirp Project	Libslirp
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:libslirp_project:libslirp:4.0.0:-:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:qemu:qemu:4.1.0:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html
http://www.openwall.com/lists/oss-security/2019/09/06/3	Mailing List Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0775
https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
https://seclists.org/bugtraq/2020/Feb/0
https://usn.ubuntu.com/4191-1/
https://usn.ubuntu.com/4191-2/
https://www.debian.org/security/2020/dsa-4616

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-06T16:55:12

Updated: 2020-03-11T11:06:28

Reserved: 2019-09-03T00:00:00

Link: CVE-2019-15890

JSON object: View

NVD Information

Status : Modified

Published: 2019-09-06T17:15:11.697

Modified: 2019-09-20T11:15:12.767

Link: CVE-2019-15890

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-11T11:06:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"}, {"name": "USN-4191-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4191-2/"}, {"name": "openSUSE-SU-2019:2510", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"}, {"name": "USN-4191-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4191-1/"}, {"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"name": "DSA-4616", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4616"}, {"name": "RHSA-2020:0775", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0775"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15890", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"}, {"name": "http://www.openwall.com/lists/oss-security/2019/09/06/3", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"}, {"name": "USN-4191-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4191-2/"}, {"name": "openSUSE-SU-2019:2510", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"}, {"name": "USN-4191-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4191-1/"}, {"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"name": "DSA-4616", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4616"}, {"name": "RHSA-2020:0775", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0775"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15890", "datePublished": "2019-09-06T16:55:12", "dateReserved": "2019-09-03T00:00:00", "dateUpdated": "2020-03-11T11:06:28", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libslirp_project:libslirp:4.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "46449B76-CE3F-4932-9266-294FF47E7B8B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14EA5400-9958-43EF-91CA-FEB3231B9C97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."}, {"lang": "es", "value": "libslirp versi\u00f3n 4.0.0, como es usado en QEMU versi\u00f3n 4.1.0, presenta un uso de la memoria previamente liberada en la funci\u00f3n ip_reass en el archivo ip_input.c."}], "id": "CVE-2019-15890", "lastModified": "2019-09-20T11:15:12.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-06T17:15:11.697", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2020:0775"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4191-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4191-2/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2020/dsa-4616"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}