Lucene search
Veracode Vulnerability DatabaseVERACODE:29424HistoryFeb 18, 2021 - 11:42 p.m.
Information Disclosure
2021-02-1823:42:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
0.004 Low
EPSS
Percentile
72.7%
libslirp is vulnerable to information disclosure. A buffer over-read in slirp.c allows reading of a certain amount of header data pass the total packet length.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qemu:stretch | eq | 1:2.8+dfsg-6+deb9u9 | |
| libslirp | eq | 4.3.0-r0 | |
| libslirp | eq | 4.2.0-r0 |
References
www.openwall.com/lists/oss-security/2020/11/27/1
lists.debian.org/debian-lts-announce/2021/02/msg00024.html
lists.fedoraproject.org/archives/list/[email protected]/message/45S5IHSWYITJKMRT23HCHJQDI674AMTQ/
lists.fedoraproject.org/archives/list/[email protected]/message/OPCOHDEONMHH6QPJZKRLLCNRGRYODG7X/
lists.freedesktop.org/archives/slirp/2020-November/000115.html
security-tracker.debian.org/tracker/CVE-2020-29130
Related
nessus
nessus
SUSE SLES15 Security Update : slirp4netns (SUSE-SU-2022:0943-1)
2022-03-25 00:00:00
openSUSE 15 Security Update : slirp4netns (openSUSE-SU-2022:0943-1)
2022-03-25 00:00:00
Fedora 33 : libslirp (2020-77f93f41be)
2020-12-14 00:00:00
osv
osv
CVE-2020-29130
2020-11-26 20:15:10
libslirp vulnerabilities
2021-07-15 17:23:21
qemu - security update
2021-02-16 00:00:00
cve
cve
CVE-2020-29130
2020-11-26 20:15:10
debiancve
debiancve
CVE-2020-29130
2020-11-26 20:15:10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:0943-1)
2022-03-25 00:00:00
openSUSE: Security Advisory for slirp4netns (openSUSE-SU-2022:0943-1)
2022-03-25 00:00:00
Fedora: Security Advisory for libslirp (FEDORA-2020-77f93f41be)
2020-12-14 00:00:00
nvd
nvd
CVE-2020-29130
2020-11-26 20:15:10
prion
prion
Buffer overflow
2020-11-26 20:15:00
suse
suse
Security update for slirp4netns (moderate)
2022-03-24 00:00:00
Security update for qemu (important)
2021-07-11 00:00:00
Security update for qemu (moderate)
2021-07-14 00:00:00
cvelist
cvelist
CVE-2020-29130
2020-11-26 00:00:00
ubuntucve
ubuntucve
CVE-2020-29130
2020-11-26 00:00:00
redhatcve
redhatcve
CVE-2020-29130
2020-11-27 13:22:37
alpinelinux
alpinelinux
CVE-2020-29130
2020-11-26 20:15:10
fedora
fedora
[SECURITY] Fedora 32 Update: libslirp-4.3.1-3.fc32
2020-12-13 02:35:41
[SECURITY] Fedora 33 Update: libslirp-4.3.1-3.fc33
2020-12-13 02:10:05
archlinux
archlinux
[ASA-202012-7] libslirp: information disclosure
2020-12-05 00:00:00
ubuntu
ubuntu
libslirp vulnerabilities
2021-07-15 00:00:00
libslirp vulnerabilities
2021-10-26 00:00:00
amazon
amazon
Medium: qemu
2021-06-16 20:37:00
debian
debian
[SECURITY] [DLA 2560-1] qemu security update
2021-02-18 16:57:32
[SECURITY] [DLA 3362-1] qemu security update
2023-03-14 21:01:53
oraclelinux
oraclelinux
virt:ol and virt-devel:rhel security, bug fix, and enhancement update
2021-05-25 00:00:00
qemu security update
2022-01-04 00:00:00
virt:kvm_utils security update
2022-02-25 00:00:00
rocky
rocky
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2021-05-18 06:02:26
almalinux
almalinux
redhat
redhat