CVE-2019-9824
Public on 2019-06-03
Modified on 2020-07-29
Description
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | qemu | 2019-07-18 | ALAS2-2019-1248 | Fixed |
| Amazon Linux 2 - Core | qemu | 2020-07-21 | ALAS2-2020-1467 | Fixed |
| Amazon Linux 1 | qemu-kvm | 2020-07-14 | ALAS-2020-1400 | Fixed |
| Amazon Linux 1 | qemu-kvm | 2020-07-27 | ALAS-2020-1408 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 2.8 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N |
| NVD | CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| NVD | CVSSv3 | 5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |