Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2019-14378

Improper Handling of Exceptional Conditions

Published: Jul 29, 2019 | Modified: Nov 07, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
7 IMPORTANT
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2019-14378
CWEhttps://cwe.mitre.org/data/definitions/755.html

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

Name Vendor Start Version End Version
Libslirp Libslirp_project 4.0.0 (including) 4.0.0 (including)
Advanced Virtualization for RHEL 8.1.0 RedHat virt:8.1-8010020190927171011.cdc1202b *
Advanced Virtualization for RHEL 8.1.0 RedHat virt-devel:8.1-8010020190927171011.cdc1202b *
Red Hat Enterprise Linux 6 RedHat qemu-kvm-2:0.12.1.2-2.506.el6_10.6 *
Red Hat Enterprise Linux 7 RedHat qemu-kvm-ma-10:2.12.0-33.el7_7.1 *
Red Hat Enterprise Linux 7 RedHat qemu-kvm-10:1.5.3-167.el7_7.4 *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat qemu-kvm-ma-10:2.12.0-18.el7_6.6 *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat qemu-kvm-10:1.5.3-160.el7_6.6 *
Red Hat Enterprise Linux 7 Extras RedHat slirp4netns-0:0.3.0-8.el7_7 *
Red Hat Enterprise Linux 8 RedHat virt-devel:rhel-8000020190828150510.f8e95b4e *
Red Hat Enterprise Linux 8 RedHat virt:rhel-8000020190828150510.f8e95b4e *
Red Hat Enterprise Linux 8 RedHat container-tools:rhel8-8010020190927090915.4985cc55 *
Red Hat Enterprise Linux 8 RedHat container-tools:1.0-8010020190927091243.4985cc55 *
Red Hat OpenStack Platform 10.0 (Newton) RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat OpenStack Platform 13.0 (Queens) RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat OpenStack Platform 14.0 (Rocky) RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat qemu-kvm-rhev-10:2.12.0-44.el7 *
Red Hat Virtualization Engine 4.2 RedHat qemu-kvm-rhev-10:2.12.0-18.el7_6.11 *
Red Hat Virtualization Engine 4.3 RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat Virtualization Engine 4.3 RedHat qemu-kvm-rhev-10:2.12.0-44.el7 *
Android Ubuntu trusty *
Android Ubuntu xenial *
Basilisk2 Ubuntu bionic *
Basilisk2 Ubuntu disco *
Basilisk2 Ubuntu eoan *
Basilisk2 Ubuntu groovy *
Basilisk2 Ubuntu hirsute *
Basilisk2 Ubuntu impish *
Basilisk2 Ubuntu kinetic *
Basilisk2 Ubuntu lunar *
Basilisk2 Ubuntu mantic *
Basilisk2 Ubuntu trusty *
Basilisk2 Ubuntu xenial *
Bochs Ubuntu bionic *
Bochs Ubuntu disco *
Bochs Ubuntu eoan *
Bochs Ubuntu groovy *
Bochs Ubuntu hirsute *
Bochs Ubuntu impish *
Bochs Ubuntu kinetic *
Bochs Ubuntu lunar *
Bochs Ubuntu mantic *
Bochs Ubuntu trusty *
Bochs Ubuntu xenial *
Fs-uae Ubuntu bionic *
Fs-uae Ubuntu disco *
Fs-uae Ubuntu eoan *
Fs-uae Ubuntu groovy *
Fs-uae Ubuntu hirsute *
Fs-uae Ubuntu impish *
Fs-uae Ubuntu kinetic *
Fs-uae Ubuntu lunar *
Fs-uae Ubuntu mantic *
Fs-uae Ubuntu trusty *
Fs-uae Ubuntu xenial *
Libslirp Ubuntu trusty *
Qemu Ubuntu bionic *
Qemu Ubuntu devel *
Qemu Ubuntu disco *
Qemu Ubuntu eoan *
Qemu Ubuntu focal *
Qemu Ubuntu groovy *
Qemu Ubuntu hirsute *
Qemu Ubuntu impish *
Qemu Ubuntu jammy *
Qemu Ubuntu kinetic *
Qemu Ubuntu lunar *
Qemu Ubuntu mantic *
Qemu Ubuntu noble *
Qemu Ubuntu oracular *
Qemu Ubuntu trusty *
Qemu Ubuntu trusty/esm *
Qemu Ubuntu upstream *
Qemu Ubuntu xenial *
Qemu-kvm Ubuntu precise/esm *
Qemu-kvm Ubuntu trusty *
Qemu-kvm-spice Ubuntu trusty *
Qemu-linaro Ubuntu trusty *
Slirp Ubuntu bionic *
Slirp Ubuntu disco *
Slirp Ubuntu eoan *
Slirp Ubuntu groovy *
Slirp Ubuntu hirsute *
Slirp Ubuntu impish *
Slirp Ubuntu kinetic *
Slirp Ubuntu lunar *
Slirp Ubuntu mantic *
Slirp Ubuntu trusty *
Slirp Ubuntu xenial *
Slirp4netns Ubuntu disco *
Slirp4netns Ubuntu trusty *
Vde2 Ubuntu bionic *
Vde2 Ubuntu disco *
Vde2 Ubuntu eoan *
Vde2 Ubuntu groovy *
Vde2 Ubuntu hirsute *
Vde2 Ubuntu impish *
Vde2 Ubuntu kinetic *
Vde2 Ubuntu lunar *
Vde2 Ubuntu mantic *
Vde2 Ubuntu trusty *
Vde2 Ubuntu xenial *
Xen Ubuntu disco *
Xen Ubuntu eoan *
Xen Ubuntu groovy *
Xen Ubuntu hirsute *
Xen Ubuntu impish *
Xen Ubuntu trusty *
Xen Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use