CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
66.1%
Severity: Medium
Date : 2020-12-05
CVE-ID : CVE-2020-29129 CVE-2020-29130
Package : libslirp
Type : information disclosure
Remote : No
Link : https://security.archlinux.org/AVG-1305
The package libslirp before version 4.4.0-1 is vulnerable to
information disclosure.
Upgrade to 4.4.0-1.
The problems have been fixed upstream in version 4.4.0.
None.
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it
tries to read a certain amount of header data even if that exceeds the
total packet length. A privileged guest user may use this flaw to
potentially leak host information bytes.
slirp.c in libslirp through 4.3.1 has a buffer over-read because it
tries to read a certain amount of header data even if that exceeds the
total packet length. A privileged guest user may use this flaw to
potentially leak host information bytes.
A privileged guest user may be able to access sensitive information
from the host memory.
https://www.openwall.com/lists/oss-security/2020/11/27/1
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=37c0c885d19a4c2d69faed891b5c02aaffbdccfb
https://security.archlinux.org/CVE-2020-29129
https://security.archlinux.org/CVE-2020-29130
git.qemu.org/?p=qemu.git;a=commitdiff;h=37c0c885d19a4c2d69faed891b5c02aaffbdccfb
gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f
security.archlinux.org/AVG-1305
security.archlinux.org/CVE-2020-29129
security.archlinux.org/CVE-2020-29130
www.openwall.com/lists/oss-security/2020/11/27/1
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
66.1%