CVE Catalog

CVE-2026-9539

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile — higher than 1% of all known CVEs

Summary

An out-of-bounds heap read and integer underflow in TCP urgent data handling in libslirp versions before v4.9.2 allows a privileged guest VM attacker to leak sensitive host-process heap memory.

Risk Assessment

This vulnerability can lead to the disclosure of gigabytes of sensitive host process memory, posing a serious threat to data security in virtual environments.

Recommendation

It is recommended to update libslirp to at least version v4.9.2 to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., QEMU) allows a privileged guest VM attacker (root or CAP_NET_RAW) to leak gigabytes of sensitive host-process heap memory via sending crafted TCP segments with manipulated URG flags and urgent pointers (ti_urp).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS