CVE-2020-10756

MEDIUM

QEMU <4.3.1 - Info Disclosure

Title source: llm

Description

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

References (10)

Core 10

Core References

Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=1835986

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2020/dsa-4728

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4437-1/

Third Party Advisory, VDB Entry x_refsource_misc

https://www.zerodayinitiative.com/advisories/ZDI-20-1005/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4467-1/

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20201001-0001/

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 7.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE

CWE-125

Status published

Products (11)

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 20.04

debian/debian_linux 9.0

debian/debian_linux 10.0

libslirp_project/libslirp < 4.3.1

opensuse/leap 15.0

opensuse/leap 15.1

redhat/enterprise_linux 7.0

redhat/enterprise_linux 8.0 (2 CPE variants)

... and 1 more

Published Jul 09, 2020

Tracked Since Feb 18, 2026