CVE-2020-10756

Summary

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

Affected Software

VendorProductVersion RangeStatus
n/aSlirpAll libslirp versions before 4.3.1affected

Weaknesses

  • Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

References