CVE-2020-29129, CVE-2020-29130 out-of-bound access during processing ARP and NCSI packets (libslirp)

https://security-tracker.debian.org/tracker/CVE-2020-29129

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

https://security-tracker.debian.org/tracker/CVE-2020-29130

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

Fixed in libslirp v4.4.0: https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/57/diffs?commit_id=2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f

slirp4netns might be affected depending on the libslirp version.

Run slirp4netns --version to show the libslirp version linked with your slirp4netns binary.

$ slirp4netns --version
slirp4netns version 1.1.8
commit: d361001f495417b880f20329121e3aa431a8f90f
libslirp: 4.4.0
SLIRP_CONFIG_VERSION_MAX: 3
libseccomp: 2.4.3

If your libslirp version is >= 4.4.0, you are not affected.
Otherwise you need to update libslirp to v4.4.0, but no need to update slirp4netns, as long as your slirp4netns binary is dynamically linked with libslirp.

Note: slirp4netns releases prior to v1.0.0 are always statically linked with libslirp, and are affected regardless to the system libslirp version. These old versions are no longer maintained. If you are using these old version, please update to slirp4netns v1.x.x ASAP.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-29129, CVE-2020-29130 out-of-bound access during processing ARP and NCSI packets (libslirp)

Package

Affected versions

Patched versions

Description

Severity

CVE ID

Weaknesses