tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a DoS or potentially to arbitrary code execution.
[
{
"source": "https://gitlab.freedesktop.org/slirp/libslirp@ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9",
"target": {
"file": "src/tcp_subr.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-7039-66dd0ac8",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"241284285325634071912458277399824585701",
"101024470289889841703992026745821739860",
"46610385591659169243295099148013167523",
"132650339709434889629960677488439439114",
"3207942234795332521456043419559591854",
"95411540399998749707763516469279061285",
"319218515594435546624940427699079978353",
"204887157760773484595687427919028940019",
"95904249482584446495943420617708760582",
"3207942234795332521456043419559591854",
"209517937668929253962348685190549018146",
"40802723628150449286468541765947464847",
"134894284404824705336579519351776315941",
"111803825195004922490986731124225859938"
]
}
},
{
"source": "https://gitlab.freedesktop.org/slirp/libslirp@ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9",
"target": {
"function": "tcp_emu",
"file": "src/tcp_subr.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-7039-8a519e5a",
"signature_type": "Function",
"digest": {
"length": 6632.0,
"function_hash": "221627384635618976683759339920942865720"
}
},
{
"source": "https://gitlab.freedesktop.org/slirp/libslirp@2655fffed7a9e765bcb4701dd876e9dab975f289",
"target": {
"function": "tcp_emu",
"file": "src/tcp_subr.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-7039-ab5b2a67",
"signature_type": "Function",
"digest": {
"length": 6508.0,
"function_hash": "140651076775259481436786107058209110775"
}
},
{
"source": "https://gitlab.freedesktop.org/slirp/libslirp@2655fffed7a9e765bcb4701dd876e9dab975f289",
"target": {
"file": "src/tcp_subr.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-7039-b7d4660f",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"15140320714121997435057219044735030567",
"156375986140405105978356906120087512541",
"316338764136262695171768734962189969112",
"244401903337416974613622709277191320620",
"241036784587630143944011798907199304443",
"142282155878608727980020123582809939206",
"32139479471153033922636960518668746078"
]
}
}
]