CVE-2019-14378
HIGHlibslirp 4.0.0 - Heap-Based Buffer Overflow in ip_reass
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2019-14378. PoCs published by vishnudevtj.
AI-analyzed exploit summary This exploit targets CVE-2019-14378, a heap overflow vulnerability in QEMU's SLiRP networking. It crafts malicious ICMP packets to trigger the vulnerability, leading to potential remote code execution (RCE) on the host system.
Description
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
Exploits (1)
exploitdb
WORKING POC
by vishnudevtj · cdoslinux
https://www.exploit-db.com/exploits/47320
This exploit targets CVE-2019-14378, a heap overflow vulnerability in QEMU's SLiRP networking. It crafts malicious ICMP packets to trigger the vulnerability, leading to potential remote code execution (RCE) on the host system.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target:
QEMU (SLiRP networking)
No auth needed
Prerequisites:
Network access to the vulnerable QEMU instance · SLiRP networking enabled in QEMU
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (27)
Core 27
Core References
Patch, Third Party Advisory x_refsource_misc
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/08/01/2
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/41
Various Sources x_refsource_misc
https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/
Various Sources x_refsource_misc
https://news.ycombinator.com/item?id=20799010
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/3
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K25423748
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K25423748?utm_source=f5support&%3Butm_medium=RSS
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4191-2/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4191-1/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4506
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4512
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3179
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3403
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3494
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3742
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3787
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3968
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4344
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0366
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0775
Scores
CVSS v3
8.8
EPSS
0.1666
EPSS Percentile
96.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-755
CWE-787
Status
published
Products (1)
libslirp_project/libslirp
4.0.0
Published
Jul 29, 2019
Tracked Since
Feb 18, 2026