6.5 - CVE-2020-1983

Executive Summary

Informations
Name	CVE-2020-1983	First vendor Publication	2020-04-22
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Overall CVSS Score	6.5
Base Score	6.5	Environmental Score	6.5
impact SubScore	4	Temporal Score	6.5
Exploitabality Sub Score	2

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Changed	Confidentiality Impact	None
Integrity Impact	None	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	2.1	Attack Range	Local
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1983

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-416	Use After Free

CPE : Common Platform Enumeration

Type	Description	Count
Application	Libslirp Project Libslirp cpe:2.3:a:libslirp_project:libslirp:4.1.0:::::::* cpe:2.3:a:libslirp_project:libslirp:4.0.0:::::::* cpe:2.3:a:libslirp_project:libslirp:4.0.0:-:::::: cpe:2.3:a:libslirp_project:libslirp::::::::	4
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::	4
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:32:::::::* cpe:2.3:o:fedoraproject:fedora:31:::::::*	2
Os	Opensuse Leap cpe:2.3:o:opensuse:leap:15.1:::::::*	1

Sources (Detail)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...

Source	Url
DEBIAN	https://www.debian.org/security/2020/dsa-4665
MISC	https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9ac0371bb8c0a40f5d9f82... https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20
MLIST	https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00001.html
UBUNTU	https://usn.ubuntu.com/4372-1/

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-11-07 21:37:30	Multiple Updates
2023-01-27 21:27:40	Multiple Updates
2021-05-04 13:49:56	Multiple Updates
2021-04-22 03:01:36	Multiple Updates
2020-07-26 21:23:14	Multiple Updates
2020-07-22 01:25:54	Multiple Updates
2020-06-30 05:22:41	Multiple Updates
2020-06-02 21:23:09	Multiple Updates
2020-05-29 05:22:48	Multiple Updates
2020-05-28 21:23:12	Multiple Updates
2020-05-24 01:31:19	Multiple Updates
2020-05-23 02:36:04	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	13
Sources(s)	10

	Related
5	DSA-4665
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0452s

Facebook rss twitter linkedin mail