tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a denial of service (DoS) or potentially to arbitrary code execution.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "241284285325634071912458277399824585701", "101024470289889841703992026745821739860", "46610385591659169243295099148013167523", "132650339709434889629960677488439439114", "3207942234795332521456043419559591854", "95411540399998749707763516469279061285", "319218515594435546624940427699079978353", "204887157760773484595687427919028940019", "95904249482584446495943420617708760582", "3207942234795332521456043419559591854", "209517937668929253962348685190549018146", "40802723628150449286468541765947464847", "134894284404824705336579519351776315941", "111803825195004922490986731124225859938" ] }, "id": "CVE-2020-7039-66dd0ac8", "source": "https://gitlab.freedesktop.org/slirp/libslirp@ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/tcp_subr.c" }, "deprecated": false }, { "digest": { "function_hash": "221627384635618976683759339920942865720", "length": 6632.0 }, "id": "CVE-2020-7039-8a519e5a", "source": "https://gitlab.freedesktop.org/slirp/libslirp@ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9", "signature_type": "Function", "signature_version": "v1", "target": { "file": "src/tcp_subr.c", "function": "tcp_emu" }, "deprecated": false }, { "digest": { "function_hash": "140651076775259481436786107058209110775", "length": 6508.0 }, "id": "CVE-2020-7039-ab5b2a67", "source": "https://gitlab.freedesktop.org/slirp/libslirp@2655fffed7a9e765bcb4701dd876e9dab975f289", "signature_type": "Function", "signature_version": "v1", "target": { "file": "src/tcp_subr.c", "function": "tcp_emu" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "15140320714121997435057219044735030567", "156375986140405105978356906120087512541", "316338764136262695171768734962189969112", "244401903337416974613622709277191320620", "241036784587630143944011798907199304443", "142282155878608727980020123582809939206", 
"32139479471153033922636960518668746078" ] }, "id": "CVE-2020-7039-b7d4660f", "source": "https://gitlab.freedesktop.org/slirp/libslirp@2655fffed7a9e765bcb4701dd876e9dab975f289", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/tcp_subr.c" }, "deprecated": false } ] }