CVE-2026-9539
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
An out-of-bounds heap read and integer underflow in TCP urgent data handling in libslirp versions before v4.9.2 allows a privileged guest VM attacker to leak sensitive host-process heap memory.
Risk Assessment
This vulnerability can lead to the disclosure of gigabytes of sensitive host process memory, posing a serious threat to data security in virtual environments.
Recommendation
It is recommended to update libslirp to at least version v4.9.2 to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., QEMU) allows a privileged guest VM attacker (root or CAP_NET_RAW) to leak gigabytes of sensitive host-process heap memory via sending crafted TCP segments with manipulated URG flags and urgent pointers (ti_urp).

