Re: [pve-devel] [PATCH pve-qemu] security patches for libslirp CVE-2020-8608

On 2/6/20 3:25 PM, Oguz Bektas wrote: > original commits and email can be found here[0] > > A out-of-bounds heap buffer access issue was found in the SLiRP > networking implementation of the QEMU emulator. It occurs in tcp_emu() > routine while emulating IRC and other protocols due to unsafe usage

Re: [pve-devel] [PATCH pve-qemu] security patches for libslirp CVE-2020-8608

hi, On Fri, Feb 07, 2020 at 09:03:50AM +0100, Thomas Lamprecht wrote: > On 2/6/20 3:25 PM, Oguz Bektas wrote: > > original commits and email can be found here[0] > > > > A out-of-bounds heap buffer access issue was found in the SLiRP > > networking implementation of the QEMU emulator. It occurs i

Re: [pve-devel] [PATCH pve-qemu] security patches for libslirp CVE-2020-8608

On 2/6/20 3:25 PM, Oguz Bektas wrote: > original commits and email can be found here[0] > > A out-of-bounds heap buffer access issue was found in the SLiRP > networking implementation of the QEMU emulator. It occurs in tcp_emu() > routine while emulating IRC and other protocols due to unsafe usage

[pve-devel] [PATCH pve-qemu] security patches for libslirp CVE-2020-8608

original commits and email can be found here[0] A out-of-bounds heap buffer access issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating IRC and other protocols due to unsafe usage of snprintf(3) function. A user/process could