2020-05-10
ALT-BU-2020-3804-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2020-04-20
BDU:2021-03631
Уязвимость функции ip_reass() библиотеки TCP-IP эмулятора Libslirp, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2020-04-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-1983
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
- openSUSE-SU-2020:0636
- openSUSE-SU-2020:0636
- openSUSE-SU-2020:0756
- openSUSE-SU-2020:0756
- https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9ac0371bb8c0a40f5d9f82a1c25129660e81df04
- https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9ac0371bb8c0a40f5d9f82a1c25129660e81df04
- https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20
- https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20
- [debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update
- [debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
- FEDORA-2020-30c45be10c
- FEDORA-2020-30c45be10c
- FEDORA-2020-1608d52724
- FEDORA-2020-1608d52724
- USN-4372-1
- USN-4372-1
- DSA-4665
- DSA-4665