A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while emulating IRC and other protocols. An attacker could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Core | qemu | 2020-03-23 16:27 | ALAS2-2020-1407 |
Amazon Linux 1 | qemu-kvm | 2020-07-27 23:58 | ALAS-2020-1408 |
Amazon Linux 1 | qemu-kvm | 2020-07-14 20:27 | ALAS-2020-1400 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
NVD | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
NVD | CVSSv3 | 5.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |