CVE-2020-8608: 
NixOS vulnerability analysis and mitigation

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. The vulnerability was discovered and disclosed on February 6, 2020, affecting the SLiRP networking implementation in QEMU emulator (NVD, CVE).

The vulnerability occurs in the tcp_emu() routine while emulating IRC and other protocols due to unsafe usage of the snprintf(3) function. The issue stems from incorrect handling of snprintf return values, which can lead to a buffer overflow condition in subsequent code execution. The vulnerability has been assigned a CVSS v3.1 base score of 5.6 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L (NVD).

A successful exploitation of this vulnerability could allow an attacker to cause a denial of service by crashing the QEMU process on the host, or potentially execute arbitrary code with the privileges of the QEMU process. The vulnerability could lead to disclosure of sensitive information, addition or modification of data, or system unavailability (NetApp Advisory).

The vulnerability has been fixed in multiple distributions. Ubuntu has released patches for versions 19.10, 18.04, and 16.04 (Ubuntu USN). Debian has addressed the issue in version 1:3.1+dfsg-8+deb10u7 for the stable distribution (Debian Security). OpenSUSE has released security update openSUSE-SU-2020:0468-1 to address this vulnerability (OpenSUSE Advisory).