Home > Vulnerability Database > CVE-2019-14378

Mend.io Vulnerability Database

CVE-2019-14378

Good to know:

Date: July 29, 2019

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

Language: C

Severity Score

7.5

Related Resources (32)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/

Url: https://access.redhat.com/errata/RHSA-2019:3179

Url: https://usn.ubuntu.com/4191-2/

Url: https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html

Url: http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html

Url: http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html

Url: https://access.redhat.com/errata/RHSA-2019:4344

Url: https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210

Url: https://access.redhat.com/errata/RHSA-2019:3494

Url: https://access.redhat.com/errata/RHSA-2020:0775

Url: https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378

Url: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html

Url: https://www.debian.org/security/2019/dsa-4506

Url: https://access.redhat.com/errata/RHSA-2019:3968

Url: https://access.redhat.com/errata/RHSA-2019:3742

Url: https://access.redhat.com/errata/RHSA-2019:3787

Url: https://access.redhat.com/errata/RHSA-2019:3403

Url: https://access.redhat.com/errata/RHSA-2020:0366

Url: https://usn.ubuntu.com/4191-1/

Url: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html

Url: https://access.redhat.com/security/cve/CVE-2019-14378

Url: https://security-tracker.debian.org/tracker/CVE-2019-14378

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-14378

Url: https://support.f5.com/csp/article/K25423748?utm_source=f5support&utm_medium=RSS

Url: http://www.openwall.com/lists/oss-security/2019/08/01/2

Url: https://www.debian.org/security/2019/dsa-4512

Url: https://seclists.org/bugtraq/2019/Sep/3

Url: https://seclists.org/bugtraq/2019/Aug/41

Url: https://news.ycombinator.com/item?id=20799010

Url: https://support.f5.com/csp/article/K25423748

Url: https://www.mend.io/vulnerability-database/CVE-2019-14378

Severity Score

7.5

Weakness Type (CWE)

Buffer Errors

CWE-119

Out-of-bounds Write

CWE-787

Improper Handling of Exceptional Conditions

CWE-755

Top Fix

Upgrade Version

Upgrade to version v4.1.0

Learn More

CVSS v3

Base Score:	7.5
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	9.8
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-14378

Good to know:

Date: July 29, 2019

Language: C

Severity Score

Related Resources (32)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?