what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2020-10756

Status Candidate

Overview

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

Related Files

Red Hat Security Advisory 2020-4694-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4694-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage, man-in-the-middle, and out of bounds read vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-10749, CVE-2020-10756, CVE-2020-14040
SHA-256 | 7b13b0c6f83c6a6292bdcddb68a7fb3b320eaec0b3391cb8f42be4414664644b
Red Hat Security Advisory 2020-4059-01
Posted Sep 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4059-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include information leakage and out of bounds read vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-10756, CVE-2020-14364
SHA-256 | bb7e50754ef13c63d0d79784da94ea537924e0c05444587fe255ffe2b9a39eb7
Red Hat Security Advisory 2020-3586-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3586-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include information leakage and out of bounds read vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-10756, CVE-2020-14339
SHA-256 | ad8866f7fc0a2a7af79d106635c88771d2aeef777e5d61c1ab39bbbb10d358eb
Ubuntu Security Notice USN-4467-1
Posted Aug 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4467-1 - Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. Eric Blake and Xueqiang Wei discovered that the QEMU NDB implementation incorrectly handled certain requests. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-10756, CVE-2020-10761, CVE-2020-12829, CVE-2020-13253, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754, CVE-2020-13765, CVE-2020-13800, CVE-2020-14415, CVE-2020-15863, CVE-2020-16092
SHA-256 | 9aa3179b34eb601658a9a487805ca5302a3e7b10616c6b4f88ebda6983d3906c
Debian Security Advisory 4728-1
Posted Jul 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4728-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2020-10756, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754
SHA-256 | dea50ea2adefea567a4b636347dcd73912d096e9869103369b2261024a9815ff
Ubuntu Security Notice USN-4437-1
Posted Jul 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4437-1 - Ziming Zhang and VictorV discovered that libslirp incorrectly handled replying to certain ICMP echo requests. A remote attacker could possibly use this issue to cause libslirp to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-10756
SHA-256 | 542dc28988393ded6d10f8f0c0f25a7f0eebae318a0befb7410ce775b4be7c14
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close