CVE-2020-8608

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8608
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8608.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8608
Downstream
Related
Published
2020-02-06T17:15:14Z
Modified
2025-11-09T14:43:49.542266Z
Severity
  • 5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

References

Affected packages

Git / github.com/spring-projects/spring-framework

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / gitlab.freedesktop.org/slirp/libslirp

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/slirp/libslirp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
68ccb8021a838066f0951d4b2817eb6b6f10a843

Affected versions

Other

release_0_10_0
release_0_10_1
release_0_10_2
release_0_6_0
release_0_6_1
release_0_7_0
release_0_7_1
release_0_8_1
release_0_8_2
release_0_9_0
release_0_9_1

v0.*

v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.11.0-rc0
v0.12.0
v0.12.0-rc0
v0.12.0-rc1
v0.12.0-rc2
v0.12.1
v0.13.0
v0.13.0-rc0
v0.13.0-rc1
v0.13.0-rc2
v0.13.0-rc3
v0.14.0-rc0
v0.14.0-rc1
v0.15.0
v0.15.0-rc0
v0.15.0-rc1
v0.15.0-rc2
v0.15.1
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.1
v0.8.2
v0.9.0
v0.9.1

v1.*

v1.0
v1.0-rc0
v1.0-rc1
v1.0-rc2
v1.0-rc3
v1.0-rc4
v1.0.1
v1.1-rc0
v1.1-rc1
v1.1-rc2
v1.1.0
v1.1.0-rc2
v1.1.0-rc3
v1.1.0-rc4
v1.1.1
v1.1.2
v1.2.0
v1.2.0-rc0
v1.2.0-rc1
v1.2.0-rc2
v1.2.0-rc3
v1.3.0
v1.3.0-rc0
v1.3.0-rc1
v1.3.0-rc2
v1.3.1
v1.4.0
v1.4.0-rc0
v1.4.0-rc1
v1.4.0-rc2
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.5.0-rc2
v1.5.0-rc3
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.6.1
v1.6.2
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.7.0-rc2
v1.7.1
v1.7.2

v2.*

v2.0.0
v2.0.0-rc0
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.1
v2.0.2
v2.1.0
v2.1.0-rc0
v2.1.0-rc1
v2.1.0-rc2
v2.1.0-rc3
v2.1.0-rc4
v2.1.0-rc5
v2.1.1
v2.10.0
v2.10.0-rc0
v2.10.0-rc1
v2.10.0-rc2
v2.10.0-rc3
v2.10.0-rc4
v2.11.0
v2.11.0-rc0
v2.11.0-rc1
v2.11.0-rc2
v2.11.0-rc3
v2.11.0-rc4
v2.11.0-rc5
v2.11.1
v2.11.2
v2.12.0
v2.12.0-rc0
v2.12.0-rc1
v2.12.0-rc2
v2.12.0-rc3
v2.12.0-rc4
v2.12.1
v2.2.0
v2.2.0-rc0
v2.2.0-rc1
v2.2.0-rc2
v2.2.0-rc3
v2.2.0-rc4
v2.2.0-rc5
v2.2.1
v2.3.0
v2.3.0-rc0
v2.3.0-rc1
v2.3.0-rc2
v2.3.0-rc3
v2.3.0-rc4
v2.3.1
v2.4.0
v2.4.0-rc0
v2.4.0-rc1
v2.4.0-rc2
v2.4.0-rc3
v2.4.0-rc4
v2.4.0.1
v2.5.0
v2.5.0-rc0
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.5.0-rc4
v2.5.1
v2.5.1.1
v2.6.0
v2.6.0-rc0
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
v2.6.0-rc4
v2.6.0-rc5
v2.7.0
v2.7.0-rc0
v2.7.0-rc1
v2.7.0-rc2
v2.7.0-rc3
v2.7.0-rc4
v2.7.0-rc5
v2.8.0
v2.8.0-rc0
v2.8.0-rc1
v2.8.0-rc2
v2.8.0-rc3
v2.8.0-rc4
v2.8.1
v2.8.1.1
v2.9.0
v2.9.0-rc0
v2.9.0-rc1
v2.9.0-rc2
v2.9.0-rc3
v2.9.0-rc4
v2.9.0-rc5

v3.*

v3.0.0
v3.0.0-rc0
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.1.0
v3.1.0-rc0
v3.1.0-rc1
v3.1.0-rc2
v3.1.0-rc3
v3.1.0-rc4
v3.1.0-rc5

v4.*

v4.0.0
v4.0.0-rc0
v4.1.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://gitlab.freedesktop.org/slirp/libslirp@68ccb8021a838066f0951d4b2817eb6b6f10a843",
        "deprecated": false,
        "id": "CVE-2020-8608-6b31d243",
        "target": {
            "file": "src/tcp_subr.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "246648876760480391059830316711041769480",
                "127439615238555046192080519638893348443",
                "223589317652917045666002013374394968170",
                "245596684563756949555195469012064437300",
                "194526991643005850067677639536938007027",
                "188893205728168835746341423704448688516",
                "282393555808581485874090025117595990314",
                "153431303589887970174056372056571214668",
                "25858351891616231709346514064225000812",
                "91982728810868740773815739603840717676",
                "317060831391956178219433144069180100685",
                "188893205728168835746341423704448688516",
                "92782018852356111485708160247098003542",
                "139311481486254240105809272040429908295",
                "149191584418569480501778977001248663817",
                "298045386813361464402400620012150195713",
                "272848814047538639148431331631225512190",
                "208323013283776806435445663037770380544",
                "236421557069710862660078927174498374671",
                "245674776238120024263612856855299285000",
                "267185354513032656647907935334471723415",
                "216933895929362785716587362691680375108",
                "62292012986368683187524842658639499442",
                "176029839855673906255372583779609769276",
                "132520196737418859885083555945567545859",
                "82162758469354334629913884814690013392",
                "336934841844850221297544373916342120898",
                "41361268106330889474799305467222635341",
                "100711868396011321646319668050873026326",
                "62292012986368683187524842658639499442",
                "77024491429738668846874679598737687986",
                "266114763669921623380735087941777007699",
                "285203754165203042380363300884601475109",
                "211022342319323311175830755330711834752",
                "96217543674087600064345527018584851810",
                "207095843971067530227188775095233988813",
                "62292012986368683187524842658639499442",
                "117259289927896706883870945701730633998",
                "92404445707750801789631655651031279228",
                "164102768652786240203980105465034849313",
                "292176810797231257996730492336267094302",
                "33450088625274173574651435422396885749",
                "261711723404151449456034420131531885862"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://gitlab.freedesktop.org/slirp/libslirp@68ccb8021a838066f0951d4b2817eb6b6f10a843",
        "deprecated": false,
        "id": "CVE-2020-8608-b1ef7348",
        "target": {
            "function": "tcp_emu",
            "file": "src/tcp_subr.c"
        },
        "digest": {
            "function_hash": "100197469861033783327683667740240832823",
            "length": 6616.0
        },
        "signature_type": "Function"
    }
]