Lucene search

[email protected]NVD:CVE-2020-29129

HistoryNov 26, 2020 - 8:15 p.m.

CVE-2020-29129

2020-11-2620:15:10

CWE-125

[email protected]

web.nvd.nist.gov

libslirp

buffer over-read

vulnerability

ncsi.c

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

64.6%

JSON

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

Affected configurations

Nvd

Node

libslirp_projectlibslirpRange≤4.3.1

Node

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
libslirp_projectlibslirp*cpe:2.3:a:libslirp_project:libslirp:*:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libslirp_project	libslirp	*	cpe:2.3:a:libslirp_project:libslirp::::::::
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*