Qemu 3.0.0 Information Disclosure Vulnerability
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
The information has been provided by Philippe Mathieu-Daudé
The original article can be found at: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html
Qemu is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application
- Qemu 3.0.0