CVE Vulnerabilities

CVE-2019-14378

Improper Handling of Exceptional Conditions

Published: Jul 29, 2019 | Modified: Nov 07, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
7 IMPORTANT
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
Ubuntu
LOW

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

Name Vendor Start Version End Version
Libslirp Libslirp_project 4.0.0 (including) 4.0.0 (including)
Advanced Virtualization for RHEL 8.1.0 RedHat virt:8.1-8010020190927171011.cdc1202b *
Advanced Virtualization for RHEL 8.1.0 RedHat virt-devel:8.1-8010020190927171011.cdc1202b *
Red Hat Enterprise Linux 6 RedHat qemu-kvm-2:0.12.1.2-2.506.el6_10.6 *
Red Hat Enterprise Linux 7 RedHat qemu-kvm-ma-10:2.12.0-33.el7_7.1 *
Red Hat Enterprise Linux 7 RedHat qemu-kvm-10:1.5.3-167.el7_7.4 *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat qemu-kvm-ma-10:2.12.0-18.el7_6.6 *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat qemu-kvm-10:1.5.3-160.el7_6.6 *
Red Hat Enterprise Linux 7 Extras RedHat slirp4netns-0:0.3.0-8.el7_7 *
Red Hat Enterprise Linux 8 RedHat virt-devel:rhel-8000020190828150510.f8e95b4e *
Red Hat Enterprise Linux 8 RedHat virt:rhel-8000020190828150510.f8e95b4e *
Red Hat Enterprise Linux 8 RedHat container-tools:rhel8-8010020190927090915.4985cc55 *
Red Hat Enterprise Linux 8 RedHat container-tools:1.0-8010020190927091243.4985cc55 *
Red Hat OpenStack Platform 10.0 (Newton) RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat OpenStack Platform 13.0 (Queens) RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat OpenStack Platform 14.0 (Rocky) RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat qemu-kvm-rhev-10:2.12.0-44.el7 *
Red Hat Virtualization Engine 4.2 RedHat qemu-kvm-rhev-10:2.12.0-18.el7_6.11 *
Red Hat Virtualization Engine 4.3 RedHat qemu-kvm-rhev-10:2.12.0-33.el7_7.4 *
Red Hat Virtualization Engine 4.3 RedHat qemu-kvm-rhev-10:2.12.0-44.el7 *
Android Ubuntu trusty *
Android Ubuntu xenial *
Basilisk2 Ubuntu bionic *
Basilisk2 Ubuntu disco *
Basilisk2 Ubuntu eoan *
Basilisk2 Ubuntu groovy *
Basilisk2 Ubuntu hirsute *
Basilisk2 Ubuntu impish *
Basilisk2 Ubuntu kinetic *
Basilisk2 Ubuntu lunar *
Basilisk2 Ubuntu mantic *
Basilisk2 Ubuntu trusty *
Basilisk2 Ubuntu xenial *
Bochs Ubuntu bionic *
Bochs Ubuntu disco *
Bochs Ubuntu eoan *
Bochs Ubuntu groovy *
Bochs Ubuntu hirsute *
Bochs Ubuntu impish *
Bochs Ubuntu kinetic *
Bochs Ubuntu lunar *
Bochs Ubuntu mantic *
Bochs Ubuntu trusty *
Bochs Ubuntu xenial *
Fs-uae Ubuntu bionic *
Fs-uae Ubuntu disco *
Fs-uae Ubuntu eoan *
Fs-uae Ubuntu groovy *
Fs-uae Ubuntu hirsute *
Fs-uae Ubuntu impish *
Fs-uae Ubuntu kinetic *
Fs-uae Ubuntu lunar *
Fs-uae Ubuntu mantic *
Fs-uae Ubuntu trusty *
Fs-uae Ubuntu xenial *
Libslirp Ubuntu trusty *
Qemu Ubuntu bionic *
Qemu Ubuntu devel *
Qemu Ubuntu disco *
Qemu Ubuntu eoan *
Qemu Ubuntu focal *
Qemu Ubuntu groovy *
Qemu Ubuntu hirsute *
Qemu Ubuntu impish *
Qemu Ubuntu jammy *
Qemu Ubuntu kinetic *
Qemu Ubuntu lunar *
Qemu Ubuntu mantic *
Qemu Ubuntu noble *
Qemu Ubuntu oracular *
Qemu Ubuntu trusty *
Qemu Ubuntu trusty/esm *
Qemu Ubuntu upstream *
Qemu Ubuntu xenial *
Qemu-kvm Ubuntu precise/esm *
Qemu-kvm Ubuntu trusty *
Qemu-kvm-spice Ubuntu trusty *
Qemu-linaro Ubuntu trusty *
Slirp Ubuntu bionic *
Slirp Ubuntu disco *
Slirp Ubuntu eoan *
Slirp Ubuntu groovy *
Slirp Ubuntu hirsute *
Slirp Ubuntu impish *
Slirp Ubuntu kinetic *
Slirp Ubuntu lunar *
Slirp Ubuntu mantic *
Slirp Ubuntu trusty *
Slirp Ubuntu trusty/esm *
Slirp Ubuntu xenial *
Slirp4netns Ubuntu disco *
Slirp4netns Ubuntu trusty *
Vde2 Ubuntu bionic *
Vde2 Ubuntu disco *
Vde2 Ubuntu eoan *
Vde2 Ubuntu groovy *
Vde2 Ubuntu hirsute *
Vde2 Ubuntu impish *
Vde2 Ubuntu kinetic *
Vde2 Ubuntu lunar *
Vde2 Ubuntu mantic *
Vde2 Ubuntu trusty *
Vde2 Ubuntu xenial *
Xen Ubuntu disco *
Xen Ubuntu eoan *
Xen Ubuntu groovy *
Xen Ubuntu hirsute *
Xen Ubuntu impish *
Xen Ubuntu trusty *
Xen Ubuntu xenial *

References