Astra Linux - уязвимость в libslirp

An invalid pointer initialization issue was discovered in the SLiRP networking implementation of QEMU. The flaw resides in the tftpinput function and can occur when processing an UDP packet that is smaller than the size of the ‘tftpt’ structure. This issue may lead to out-of-bounds read access or...

Astra Linux - уязвимость в libslirp

An invalid pointer initialization issue was discovered in the SLiRP networking implementation of QEMU. The flaw resides in the bootpinput function and can occur when processing an UDP packet that is smaller than the size of the ‘bootpt’ structure. A malicious guest could exploit this flaw to leak...

MiracleLinux 7 : qemu-kvm-1.5.3-173.1.0.1.el7.AXS7 (AXSA:2020-075:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-075:01 advisory. QEMU: Slirp: potential OOB access due to unsafe snprintf usages CVE-2020-8608 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : container-tools:1.0 (AXSA:2020-294:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-294:01 advisory. QEMU: slirp: OOB buffer access while emulating tcp protocols in tcpemu CVE-2020-7039 Modularity name: container-tools Stream name: 1.0 Tenable has extracted t...

MiracleLinux 8 : virt:rhel (AXSA:2020-911:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-911:01 advisory. QEMU: usb: out-of-bounds r/w access issue while processing usb packets CVE-2020-14364 QEMU: slirp: networking out-of-bounds read information disclosu...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.506.6.0.1.AXS4 (AXSA:2020-078:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-078:02 advisory. QEMU: slirp: heap buffer overflow during packet reassembly CVE-2019-14378 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcpemu...

MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2022-2938:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2938:01 advisory. QEMU: net: e1000e: use-after-free while sending packets CVE-2020-15859 QEMU: slirp: invalid pointer initialization may lead to information disclosur...

MiracleLinux 8 : container-tools: rhel8 (AXSA:2020-295:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-295:01 advisory. QEMU: Slirp: potential OOB access due to unsafe snprintf usages CVE-2020-8608 Bug Fixes: useradd and groupadd fail under rootless Buildah and podman Podman...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.506.AXS4.5 (AXSA:2019-4314:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4314:03 advisory. QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams CVE-2018-11806 QEMU: slirp: heap buffer overflow in tcpemu CVE-2019-6778...

Thinking Outside The Box [dusted off draft from 2017]

Posted by Jann Horn Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558, but I never got around to writing the second...

EUVD-2007-5700

Malware in sbrugna...

EUVD-2021-26902

Malware in sbrugna...

EUVD-2021-26899

Malware in sbrugna...

EUVD-2020-3173

Malware in sbrugna...

EUVD-2021-26900

Malware in sbrugna...

EUVD-2019-16336

Malware in sbrugna...

EUVD-2021-26901

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-7211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. CVE-2020-7211 Note that Nessus relies on the presence of t...

Linux Distros Unpatched Vulnerability : CVE-2021-3592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput function and could occur whi...

Linux Distros Unpatched Vulnerability : CVE-2021-3595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftpinput function and could occur whil...