{"id":"USN-4632-1","summary":"slirp vulnerabilities","details":"It was discovered that the SLiRP networking implementation of the QEMU\nemulator did not properly manage memory under certain circumstances. An\nattacker could use this to cause a heap-based buffer overflow or other out-\nof-bounds access, which can lead to a denial of service (application crash)\nor potentially execute arbitrary code. (CVE-2020-7039)\n\nIt was discovered that the SLiRP networking implementation of the QEMU\nemulator misuses snprintf return values. An attacker could use this to\ncause a denial of service (application crash) or potentially execute\narbitrary code. (CVE-2020-8608)\n","modified":"2026-04-27T16:03:38.243281489Z","published":"2020-11-12T20:31:20Z","related":["UBUNTU-CVE-2020-7039","UBUNTU-CVE-2020-8608"],"upstream":["CVE-2020-7039","CVE-2020-8608","UBUNTU-CVE-2020-7039","UBUNTU-CVE-2020-8608"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4632-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-7039"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8608"}],"affected":[{"package":{"name":"slirp","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/slirp@1:1.0.17-8ubuntu16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.17-8ubuntu16.04.1"}]}],"versions":["1:1.0.17-8"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"slirp","binary_version":"1:1.0.17-8ubuntu16.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4632-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2020-7039","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-8608","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"slirp","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/slirp@1:1.0.17-8ubuntu18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.17-8ubuntu18.04.1"}]}],"versions":["1:1.0.17-8","1:1.0.17-8build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"slirp","binary_version":"1:1.0.17-8ubuntu18.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4632-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2020-7039","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-8608","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.5"}