CVE-2020-10756

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:libslirp_project:libslirp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

History

07 Nov 2023, 03:14

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/', 'name': 'FEDORA-2020-8c0b966c16', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/ -

05 Apr 2022, 15:05

Type Values Removed Values Added
CPE cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
References (UBUNTU) https://usn.ubuntu.com/4467-1/ - (UBUNTU) https://usn.ubuntu.com/4467-1/ - Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20201001-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20201001-0001/ - Third Party Advisory

04 Aug 2021, 17:14

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:openstack:13.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

Information

Published : 2020-07-09 16:15

Updated : 2023-12-10 13:27


NVD link : CVE-2020-10756

Mitre link : CVE-2020-10756

CVE.ORG link : CVE-2020-10756


JSON object : View

Products Affected

opensuse

  • leap

debian

  • debian_linux

redhat

  • enterprise_linux
  • openstack

libslirp_project

  • libslirp

canonical

  • ubuntu_linux
CWE
CWE-125

Out-of-bounds Read