ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2020/11/27/1 | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45S5IHSWYITJKMRT23HCHJQDI674AMTQ/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPCOHDEONMHH6QPJZKRLLCNRGRYODG7X/ | |
https://lists.freedesktop.org/archives/slirp/2020-November/000115.html | Mailing List Vendor Advisory |
Configurations
History
14 Oct 2022, 12:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPCOHDEONMHH6QPJZKRLLCNRGRYODG7X/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45S5IHSWYITJKMRT23HCHJQDI674AMTQ/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html - Mailing List, Third Party Advisory |
05 Sep 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-11-26 20:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-29129
Mitre link : CVE-2020-29129
CVE.ORG link : CVE-2020-29129
JSON object : View
Products Affected
libslirp_project
- libslirp
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-125
Out-of-bounds Read