{"id":"CVE-2019-14378","details":"ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.","modified":"2026-04-10T04:12:22.259932Z","published":"2019-07-29T11:15:11.577Z","related":["ALSA-2019:3403","ALSA-2019:3494","SUSE-SU-2019:14151-1","SUSE-SU-2019:14199-1","SUSE-SU-2019:14201-1","SUSE-SU-2019:2157-1","SUSE-SU-2019:2192-1","SUSE-SU-2019:2221-1","SUSE-SU-2019:2246-1","SUSE-SU-2019:2353-1","SUSE-SU-2019:2753-1","SUSE-SU-2019:2769-1","SUSE-SU-2019:2783-1","SUSE-SU-2019:2955-1","SUSE-SU-2020:0388-1","openSUSE-SU-2019:2041-1","openSUSE-SU-2019:2059-1","openSUSE-SU-2019:2510-1","openSUSE-SU-2024:11287-1"],"references":[{"type":"WEB","url":"https://news.ycombinator.com/item?id=20799010"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Aug/41"},{"type":"WEB","url":"https://support.f5.com/csp/article/K25423748?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"WEB","url":"https://usn.ubuntu.com/4191-2/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"},{"type":"WEB","url":"https://support.f5.com/csp/article/K25423748"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Sep/3"},{"type":"WEB","url":"https://usn.ubuntu.com/4191-1/"},{"type":"WEB","url":"http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4512"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3494"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3742"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/08/01/2"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3403"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3787"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3968"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4506"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:4344"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0366"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0775"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3179"},{"type":"FIX","url":"https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210"},{"type":"ARTICLE","url":"https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/slirp/libslirp","events":[{"introduced":"0"},{"last_affected":"bc814a7cf15aa01652fb23fc99bcc36708ac9b0c"},{"fixed":"126c04acbabd7ad32c2b018fe10dfac2a3bc1210"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.0"}]}}],"versions":["release_0_10_0","release_0_10_1","release_0_10_2","release_0_6_0","release_0_6_1","release_0_7_0","release_0_7_1","release_0_8_1","release_0_8_2","release_0_9_0","release_0_9_1","v0.10.0","v0.10.1","v0.10.2","v0.10.3","v0.10.4","v0.10.5","v0.10.6","v0.11.0-rc0","v0.12.0","v0.12.0-rc0","v0.12.0-rc1","v0.12.0-rc2","v0.12.1","v0.13.0","v0.13.0-rc0","v0.13.0-rc1","v0.13.0-rc2","v0.13.0-rc3","v0.14.0-rc0","v0.14.0-rc1","v0.15.0","v0.15.0-rc0","v0.15.0-rc1","v0.15.0-rc2","v0.15.1","v0.6.0","v0.6.1","v0.7.0","v0.7.1","v0.8.1","v0.8.2","v0.9.0","v0.9.1","v1.0","v1.0-rc0","v1.0-rc1","v1.0-rc2","v1.0-rc3","v1.0-rc4","v1.0.1","v1.1-rc0","v1.1-rc1","v1.1-rc2","v1.1.0","v1.1.0-rc2","v1.1.0-rc3","v1.1.0-rc4","v1.1.1","v1.1.2","v1.2.0","v1.2.0-rc0","v1.2.0-rc1","v1.2.0-rc2","v1.2.0-rc3","v1.3.0","v1.3.0-rc0","v1.3.0-rc1","v1.3.0-rc2","v1.3.1","v1.4.0","v1.4.0-rc0","v1.4.0-rc1","v1.4.0-rc2","v1.5.0","v1.5.0-rc0","v1.5.0-rc1","v1.5.0-rc2","v1.5.0-rc3","v1.5.1","v1.5.2","v1.5.3","v1.6.0","v1.6.0-rc0","v1.6.0-rc1","v1.6.0-rc2","v1.6.0-rc3","v1.6.1","v1.6.2","v1.7.0","v1.7.0-rc0","v1.7.0-rc1","v1.7.0-rc2","v1.7.1","v1.7.2","v2.0.0","v2.0.0-rc0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.1","v2.0.2","v2.1.0","v2.1.0-rc0","v2.1.0-rc1","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-rc4","v2.1.0-rc5","v2.1.1","v2.10.0","v2.10.0-rc0","v2.10.0-rc1","v2.10.0-rc2","v2.10.0-rc3","v2.10.0-rc4","v2.11.0","v2.11.0-rc0","v2.11.0-rc1","v2.11.0-rc2","v2.11.0-rc3","v2.11.0-rc4","v2.11.0-rc5","v2.11.1","v2.11.2","v2.12.0","v2.12.0-rc0","v2.12.0-rc1","v2.12.0-rc2","v2.12.0-rc3","v2.12.0-rc4","v2.12.1","v2.2.0","v2.2.0-rc0","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.2.0-rc5","v2.2.1","v2.3.0","v2.3.0-rc0","v2.3.0-rc1","v2.3.0-rc2","v2.3.0-rc3","v2.3.0-rc4","v2.3.1","v2.4.0","v2.4.0-rc0","v2.4.0-rc1","v2.4.0-rc2","v2.4.0-rc3","v2.4.0-rc4","v2.4.0.1","v2.5.0","v2.5.0-rc0","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.0-rc4","v2.5.1","v2.5.1.1","v2.6.0","v2.6.0-rc0","v2.6.0-rc1","v2.6.0-rc2","v2.6.0-rc3","v2.6.0-rc4","v2.6.0-rc5","v2.7.0","v2.7.0-rc0","v2.7.0-rc1","v2.7.0-rc2","v2.7.0-rc3","v2.7.0-rc4","v2.7.0-rc5","v2.8.0","v2.8.0-rc0","v2.8.0-rc1","v2.8.0-rc2","v2.8.0-rc3","v2.8.0-rc4","v2.8.1","v2.8.1.1","v2.9.0","v2.9.0-rc0","v2.9.0-rc1","v2.9.0-rc2","v2.9.0-rc3","v2.9.0-rc4","v2.9.0-rc5","v3.0.0","v3.0.0-rc0","v3.0.0-rc1","v3.0.0-rc2","v3.0.0-rc3","v3.0.0-rc4","v3.1.0","v3.1.0-rc0","v3.1.0-rc1","v3.1.0-rc2","v3.1.0-rc3","v3.1.0-rc4","v3.1.0-rc5","v4.0.0","v4.0.0-rc0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14378.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}