tcpemu in tcpsubr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
{ "vanir_signatures": [ { "digest": { "length": 6641.0, "function_hash": "16394558136358550035582286927942919055" }, "target": { "function": "tcp_emu", "file": "src/tcp_subr.c" }, "signature_type": "Function", "source": "https://gitlab.freedesktop.org/slirp/libslirp@82ebe9c370a0e2970fb5695aa19aa5214a6a1c80", "deprecated": false, "signature_version": "v1", "id": "CVE-2020-7039-6b9a8895" }, { "digest": { "length": 6508.0, "function_hash": "140651076775259481436786107058209110775" }, "target": { "function": "tcp_emu", "file": "src/tcp_subr.c" }, "signature_type": "Function", "source": "https://gitlab.freedesktop.org/slirp/libslirp@2655fffed7a9e765bcb4701dd876e9dab975f289", "deprecated": false, "signature_version": "v1", "id": "CVE-2020-7039-ab5b2a67" }, { "digest": { "line_hashes": [ "15140320714121997435057219044735030567", "156375986140405105978356906120087512541", "316338764136262695171768734962189969112", "244401903337416974613622709277191320620", "241036784587630143944011798907199304443", "142282155878608727980020123582809939206", "32139479471153033922636960518668746078" ], "threshold": 0.9 }, "target": { "file": "src/tcp_subr.c" }, "signature_type": "Line", "source": "https://gitlab.freedesktop.org/slirp/libslirp@2655fffed7a9e765bcb4701dd876e9dab975f289", "deprecated": false, "signature_version": "v1", "id": "CVE-2020-7039-b7d4660f" } ] }