CVE-2019-14378

HIGH

libslirp 4.0.0 - Heap-Based Buffer Overflow in ip_reass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14378. PoCs published by vishnudevtj.

AI-analyzed exploit summary This exploit targets CVE-2019-14378, a heap overflow vulnerability in QEMU's SLiRP networking. It crafts malicious ICMP packets to trigger the vulnerability, leading to potential remote code execution (RCE) on the host system.

Description

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

Exploits (1)

exploitdb WORKING POC
by vishnudevtj · cdoslinux
https://www.exploit-db.com/exploits/47320

This exploit targets CVE-2019-14378, a heap overflow vulnerability in QEMU's SLiRP networking. It crafts malicious ICMP packets to trigger the vulnerability, leading to potential remote code execution (RCE) on the host system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: QEMU (SLiRP networking)
No auth needed
Prerequisites: Network access to the vulnerable QEMU instance · SLiRP networking enabled in QEMU
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (27)

Core 27
Core References
Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/08/01/2
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/41
Various Sources x_refsource_misc
https://news.ycombinator.com/item?id=20799010
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/154269/QEMU-Denial-Of-Service.html
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/3
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K25423748
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4191-2/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4191-1/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4506
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4512
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3179
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3403
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3494
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3742
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3787
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3968
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4344
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0366
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0775

Scores

CVSS v3 8.8
EPSS 0.1666
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-755 CWE-787
Status published
Products (1)
libslirp_project/libslirp 4.0.0
Published Jul 29, 2019
Tracked Since Feb 18, 2026