{ "threat_severity" : "Important", "public_date" : "2019-01-11T00:00:00Z", "bugzilla" : { "description" : "QEMU: slirp: heap buffer overflow in tcp_emu()", "id" : "1664205", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1664205" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-122", "details" : [ "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.", "A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host resulting in a DoS or potentially executing arbitrary code with privileges of the QEMU process." ], "statement" : "Red Hat OpenStack Platform: \nThis flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack. Updating is recommended, however Red Hat OpenStack installs are not vulnerable to the described flaw due to the vulnerable feature not being used.", "acknowledgement" : "Red Hat would like to thank Kira (Tencent Keen Security Lab) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2019-09-24T00:00:00Z", "advisory" : "RHSA-2019:2892", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "qemu-kvm-2:0.12.1.2-2.506.el6_10.5" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-07-29T00:00:00Z", "advisory" : "RHSA-2019:1883", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "qemu-kvm-10:1.5.3-160.el7_6.3" }, { "product_name" : "Red Hat OpenStack Platform 10.0 (Newton)", "release_date" : "2019-08-09T00:00:00Z", "advisory" : "RHSA-2019:2425", "cpe" : "cpe:/a:redhat:openstack:10::el7", "package" : "qemu-kvm-rhev-10:2.12.0-33.el7", "impact" : "low" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-08-09T00:00:00Z", "advisory" : "RHSA-2019:2425", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "qemu-kvm-rhev-10:2.12.0-33.el7", "impact" : "low" }, { "product_name" : "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date" : "2019-08-09T00:00:00Z", "advisory" : "RHSA-2019:2425", "cpe" : "cpe:/a:redhat:openstack:14::el7", "package" : "qemu-kvm-rhev-10:2.12.0-33.el7", "impact" : "low" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date" : "2019-07-30T00:00:00Z", "advisory" : "RHSA-2019:1968", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "qemu-kvm-rhev-10:2.12.0-18.el7_6.7" }, { "product_name" : "Red Hat Virtualization Engine 4.2", "release_date" : "2019-07-30T00:00:00Z", "advisory" : "RHSA-2019:1968", "cpe" : "cpe:/a:redhat:rhev_manager:4.2", "package" : "qemu-kvm-rhev-10:2.12.0-18.el7_6.7" }, { "product_name" : "Red Hat Virtualization Engine 4.3", "release_date" : "2019-07-30T00:00:00Z", "advisory" : "RHSA-2019:1968", "cpe" : "cpe:/a:redhat:rhev_manager:4.3", "package" : "qemu-kvm-rhev-10:2.12.0-18.el7_6.7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "xen", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "virt:rhel/qemu-kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat OpenStack Platform 8 (Liberty)", "fix_state" : "Out of support scope", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:8" }, { "product_name" : "Red Hat OpenStack Platform 9 (Mitaka)", "fix_state" : "Out of support scope", "package_name" : "qemu-kvm-rhev", "cpe" : "cpe:/a:redhat:openstack:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-6778\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6778" ], "name" : "CVE-2019-6778", "csaw" : false }