ID CVE-2019-6778
Summary In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1664205
    title CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu()
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment qemu-img is earlier than 10:1.5.3-160.el7_6.3
            oval oval:com.redhat.rhsa:tst:20191883001
          • comment qemu-img is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110345002
        • AND
          • comment qemu-kvm is earlier than 10:1.5.3-160.el7_6.3
            oval oval:com.redhat.rhsa:tst:20191883003
          • comment qemu-kvm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110345004
        • AND
          • comment qemu-kvm-common is earlier than 10:1.5.3-160.el7_6.3
            oval oval:com.redhat.rhsa:tst:20191883005
          • comment qemu-kvm-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140704014
        • AND
          • comment qemu-kvm-tools is earlier than 10:1.5.3-160.el7_6.3
            oval oval:com.redhat.rhsa:tst:20191883007
          • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110345006
    rhsa
    id RHSA-2019:1883
    released 2019-07-29
    severity Important
    title RHSA-2019:1883: qemu-kvm security update (Important)
  • bugzilla
    id 1712670
    title CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment qemu-guest-agent is earlier than 2:0.12.1.2-2.506.el6_10.5
            oval oval:com.redhat.rhsa:tst:20192892001
          • comment qemu-guest-agent is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121234002
        • AND
          • comment qemu-img is earlier than 2:0.12.1.2-2.506.el6_10.5
            oval oval:com.redhat.rhsa:tst:20192892003
          • comment qemu-img is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110345002
        • AND
          • comment qemu-kvm is earlier than 2:0.12.1.2-2.506.el6_10.5
            oval oval:com.redhat.rhsa:tst:20192892005
          • comment qemu-kvm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110345004
        • AND
          • comment qemu-kvm-tools is earlier than 2:0.12.1.2-2.506.el6_10.5
            oval oval:com.redhat.rhsa:tst:20192892007
          • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110345006
    rhsa
    id RHSA-2019:2892
    released 2019-09-24
    severity Important
    title RHSA-2019:2892: qemu-kvm security update (Important)
  • rhsa
    id RHSA-2019:1968
  • rhsa
    id RHSA-2019:2425
rpms
  • qemu-img-10:1.5.3-160.el7_6.3
  • qemu-kvm-10:1.5.3-160.el7_6.3
  • qemu-kvm-common-10:1.5.3-160.el7_6.3
  • qemu-kvm-debuginfo-10:1.5.3-160.el7_6.3
  • qemu-kvm-tools-10:1.5.3-160.el7_6.3
  • qemu-img-rhev-10:2.12.0-18.el7_6.7
  • qemu-kvm-common-rhev-10:2.12.0-18.el7_6.7
  • qemu-kvm-rhev-10:2.12.0-18.el7_6.7
  • qemu-kvm-rhev-debuginfo-10:2.12.0-18.el7_6.7
  • qemu-kvm-tools-rhev-10:2.12.0-18.el7_6.7
  • qemu-img-rhev-10:2.12.0-33.el7
  • qemu-kvm-common-rhev-10:2.12.0-33.el7
  • qemu-kvm-rhev-10:2.12.0-33.el7
  • qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7
  • qemu-kvm-tools-rhev-10:2.12.0-33.el7
  • qemu-guest-agent-2:0.12.1.2-2.506.el6_10.5
  • qemu-img-2:0.12.1.2-2.506.el6_10.5
  • qemu-kvm-2:0.12.1.2-2.506.el6_10.5
  • qemu-kvm-debuginfo-2:0.12.1.2-2.506.el6_10.5
  • qemu-kvm-tools-2:0.12.1.2-2.506.el6_10.5
refmap via4
bid 106758
bugtraq 20190531 [SECURITY] [DSA 4454-1] qemu security update
debian DSA-4454
fedora
  • FEDORA-2019-0664c7724d
  • FEDORA-2019-88a98ce795
misc
  • [Qemu-devel][PULL 65/65] 20190114 slirp: check data length while emulating ident
  • [oss-security] 20190124 CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu()
suse
  • SUSE-SA-2019:0254-1
  • openSUSE-SU-2019:1074
  • openSUSE-SU-2019:1226
  • openSUSE-SU-2019:2044
  • openSUSE-SU-2020:0468
ubuntu USN-3923-1
Last major update 24-08-2020 - 17:37
Published 21-03-2019 - 16:01
Last modified 24-08-2020 - 17:37
Back to Top