CVE-2019-14378: Buffer Overflow
First published: Sun Jul 28 2019(Updated: )
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user/process could use this flaw to crash the Qemu process on the host resulting in DoS or potentially execute arbitrary code with privileges of the QEMU process. Upstream patch: --------------- -> <a href="https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210">https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210</a> Reference: ---------- -> <a href="https://www.openwall.com/lists/oss-security/2019/08/01/2">https://www.openwall.com/lists/oss-security/2019/08/01/2</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/qemu-kvm | <2:0.12.1.2-2.506.el6_10.6 | 2:0.12.1.2-2.506.el6_10.6 |
| redhat/qemu-kvm-ma | <10:2.12.0-33.el7_7.1 | 10:2.12.0-33.el7_7.1 |
| redhat/qemu-kvm | <10:1.5.3-167.el7_7.4 | 10:1.5.3-167.el7_7.4 |
| redhat/qemu-kvm-ma | <10:2.12.0-18.el7_6.6 | 10:2.12.0-18.el7_6.6 |
| redhat/qemu-kvm | <10:1.5.3-160.el7_6.6 | 10:1.5.3-160.el7_6.6 |
| redhat/slirp4netns | <0:0.3.0-8.el7_7 | 0:0.3.0-8.el7_7 |
| redhat/qemu-kvm-rhev | <10:2.12.0-33.el7_7.4 | 10:2.12.0-33.el7_7.4 |
| redhat/qemu-kvm-rhev | <10:2.12.0-44.el7 | 10:2.12.0-44.el7 |
| redhat/qemu-kvm-rhev | <10:2.12.0-18.el7_6.11 | 10:2.12.0-18.el7_6.11 |
| debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u12 1:9.2.0+ds-5 | |
| debian/slirp4netns | 1.0.1-2 1.2.0-1 1.2.1-1 | |
| libslirp | =4.0.0 |
Remedy
There is no external mitigation to prevent this out-of-bounds heap memory access.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2019-14459
- https://security-tracker.debian.org/tracker/CVE-2019-14378
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14378
- https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
- https://www.openwall.com/lists/oss-security/2019/08/01/2
- https://security-tracker.debian.org/tracker/CVE-2017-9524
- https://security-tracker.debian.org/tracker/CVE-2019-13164
- https://security-tracker.debian.org/tracker/CVE-2018-20815
- https://security-tracker.debian.org/tracker/CVE-2019-8934
- https://security-tracker.debian.org/tracker/CVE-2018-20123
- https://security-tracker.debian.org/tracker/CVE-2018-20124
- https://security-tracker.debian.org/tracker/CVE-2018-20125
- https://security-tracker.debian.org/tracker/CVE-2018-20126
- https://security-tracker.debian.org/tracker/CVE-2018-20191
- https://security-tracker.debian.org/tracker/CVE-2018-20216
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933741
- https://www.cve.org/CVERecord?id=CVE-2019-14378 https://nvd.nist.gov/vuln/detail/CVE-2019-14378
- https://bugzilla.redhat.com/show_bug.cgi?id=1734745
- https://access.redhat.com/errata/RHBA-2019:3723
- https://access.redhat.com/errata/RHSA-2020:0775
- https://access.redhat.com/errata/RHSA-2019:3968
- https://access.redhat.com/errata/RHSA-2020:0366
- https://access.redhat.com/errata/RHSA-2020:2065
- https://access.redhat.com/errata/RHSA-2020:2126
- https://access.redhat.com/errata/RHSA-2020:0889
- https://access.redhat.com/errata/RHSA-2019:3403
- https://access.redhat.com/errata/RHSA-2019:3494
- https://access.redhat.com/errata/RHSA-2019:4344
- https://access.redhat.com/errata/RHSA-2019:3787
- https://access.redhat.com/errata/RHSA-2019:3742
- https://access.redhat.com/errata/RHSA-2019:3179
- https://access.redhat.com/errata/RHSA-2020:1216
- https://access.redhat.com/errata/RHSA-2020:2342
- https://access.redhat.com/security/cve/cve-2019-14378
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html
- http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html
- http://www.openwall.com/lists/oss-security/2019/08/01/2
- https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/
- https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/
- https://news.ycombinator.com/item?id=20799010
- https://seclists.org/bugtraq/2019/Aug/41
- https://seclists.org/bugtraq/2019/Sep/3
- https://support.f5.com/csp/article/K25423748
- https://support.f5.com/csp/article/K25423748?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4191-1/
- https://usn.ubuntu.com/4191-2/
- https://www.debian.org/security/2019/dsa-4506
- https://www.debian.org/security/2019/dsa-4512
- https://support.f5.com/csp/article/K25423748?utm_source=f5support&amp;utm_medium=RSS
- https://launchpad.net/bugs/cve/CVE-2019-14378
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1735654
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/
- https://support.f5.com/csp/article/K25423748?utm_source=f5support&%3Butm_medium=RSS
- https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-gjwp-vf65-3jqf
- https://nvd.nist.gov/vuln/detail/CVE-2019-14378
- https://ubuntu.com/security/CVE-2019-14378
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2019-14378?
CVE-2019-14378 is a heap buffer overflow vulnerability in the SLiRP networking implementation of the QEMU emulator.
What is the severity of CVE-2019-14378?
CVE-2019-14378 has a severity score of 8.8, which is considered high.
Which software is affected by CVE-2019-14378?
The software affected by CVE-2019-14378 includes qemu-kvm, qemu-kvm-ma, qemu-kvm-rhev, slirp4netns, and qemu.
How can I fix CVE-2019-14378?
To fix CVE-2019-14378, update the affected software to the corresponding patched version provided by the vendor.
Where can I find more information about CVE-2019-14378?
You can find more information about CVE-2019-14378 on the Debian security tracker and MITRE's CVE database.
- collector/debian-bugs
- alias/CVE-2019-14378
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/softwarecombine
- package-manager/redhat
- package-manager/debian
- vendor/libslirp project
- canonical/libslirp
- version/libslirp/4.0.0