{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-11T11:06:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"}, {"name": "USN-4191-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4191-2/"}, {"name": "openSUSE-SU-2019:2510", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"}, {"name": "USN-4191-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4191-1/"}, {"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"name": "DSA-4616", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4616"}, {"name": "RHSA-2020:0775", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0775"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15890", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"}, {"name": "http://www.openwall.com/lists/oss-security/2019/09/06/3", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"}, {"name": "USN-4191-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4191-2/"}, {"name": "openSUSE-SU-2019:2510", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"}, {"name": "USN-4191-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4191-1/"}, {"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"name": "DSA-4616", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4616"}, {"name": "RHSA-2020:0775", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0775"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:03:31.933Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"}, {"name": "USN-4191-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4191-2/"}, {"name": "openSUSE-SU-2019:2510", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"}, {"name": "USN-4191-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4191-1/"}, {"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"name": "DSA-4616", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4616"}, {"name": "RHSA-2020:0775", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0775"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15890", "datePublished": "2019-09-06T16:55:12", "dateReserved": "2019-09-03T00:00:00", "dateUpdated": "2024-08-05T01:03:31.933Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libslirp_project:libslirp:4.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "46449B76-CE3F-4932-9266-294FF47E7B8B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "14EA5400-9958-43EF-91CA-FEB3231B9C97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."}, {"lang": "es", "value": "libslirp versi\u00f3n 4.0.0, como es usado en QEMU versi\u00f3n 4.1.0, presenta un uso de la memoria previamente liberada en la funci\u00f3n ip_reass en el archivo ip_input.c."}], "id": "CVE-2019-15890", "lastModified": "2024-11-21T04:29:40.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-06T17:15:11.697", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2020:0775"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4191-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4191-2/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2020/dsa-4616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2020:0775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2020/Feb/0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4191-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4191-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2020/dsa-4616"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2020:3172", "cpe": "cpe:/a:redhat:advanced_virtualization:8.2::el8", "package": "virt:8.2-8020120200707202843.11e3e113", "product_name": "Advanced Virtualization for RHEL 8.2.1", "release_date": "2020-07-28T00:00:00Z"}, {"advisory": "RHBA-2020:3172", "cpe": "cpe:/a:redhat:advanced_virtualization:8.2::el8", "package": "virt-devel:8.2-8020120200707202843.11e3e113", "product_name": "Advanced Virtualization for RHEL 8.2.1", "release_date": "2020-07-28T00:00:00Z"}, {"advisory": "RHSA-2020:0775", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "qemu-kvm-2:0.12.1.2-2.506.el6_10.6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-03-10T00:00:00Z"}, {"advisory": "RHSA-2020:0889", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "slirp4netns-0:0.3.0-8.el7_7", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0348", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8010120200116121758.53d07e52", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-02-04T00:00:00Z"}, {"advisory": "RHSA-2020:4676", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt-devel:rhel-8030020200909014558.30b713e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4676", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "virt:rhel-8030020200909014558.30b713e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "QEMU: Slirp: use-after-free during packet reassembly", "id": "1749716", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749716"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.", "A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service."], "name": "CVE-2019-15890", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "container-tools:1.0/slirp4netns", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "slirp4netns", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Fix deferred", "impact": "low", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Fix deferred", "impact": "low", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Out of support scope", "impact": "low", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}], "public_date": "2019-08-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-15890\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15890"], "statement": "Red Hat OpenStack Platform:                                                                                                                 \n* This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable.", "threat_severity": "Moderate"}