Qemu 3.0.0 Information Disclosure Vulnerability

Summary

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

Credit:

The information has been provided by Philippe Mathieu-Daudé
The original article can be found at: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html


Details

Qemu is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application

Vulnerable Systems:

  • Qemu 3.0.0

    CVE Information:
    CVE-2019-9824

    Disclosure Timeline:
    Publish Date:06/03/2019

    Categories: News