Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-9539
PUBLISHED
More InfoOfficial Page
Assigner-STAR_Labs
Assigner Org ID-b1571b85-cbc9-431f-830b-0c8155323a69
View Known Exploited Vulnerability (KEV) details
Published At-24 Jun, 2026 | 04:37
Updated At-24 Jun, 2026 | 12:39
Rejected At-
▼CVE Numbering Authority (CNA)
libslirp TCP URG OOB Read Information Leak

An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., QEMU) allows a privileged guest VM attacker (root or CAP_NET_RAW) to leak gigabytes of sensitive host-process heap memory via sending crafted TCP segments with manipulated URG flags and urgent pointers (ti_urp).

Affected Products
Vendor
freedesktop.orgfreedesktop.org
Product
libslirp
Repo
https://gitlab.freedesktop.org/slirp/libslirp/
Default Status
unaffected
Versions
Affected
  • From 0 before 4.9.2 (semver)
    • -> unaffectedfrom4.9.2
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds read
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-131CAPEC-131 Resource Leak Exposure
CAPEC ID: CAPEC-131
Description: CAPEC-131 Resource Leak Exposure
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Bruce Chen of STAR Labs SG Pte. Ltd.
finder
Shi Weiming of STAR Labs SG Pte. Ltd.
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://gitlab.freedesktop.org/slirp/libslirp/-/work_items/93
issue-tracking
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/927bca7344e31fd58e2f7afaca784aad4400eb84
patch
https://gitlab.freedesktop.org/slirp/libslirp/-/releases/v4.9.2
release-notes
Hyperlink: https://gitlab.freedesktop.org/slirp/libslirp/-/work_items/93
Resource:
issue-tracking
Hyperlink: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/927bca7344e31fd58e2f7afaca784aad4400eb84
Resource:
patch
Hyperlink: https://gitlab.freedesktop.org/slirp/libslirp/-/releases/v4.9.2
Resource:
release-notes
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://gitlab.freedesktop.org/slirp/libslirp/-/work_items/93
exploit
Hyperlink: https://gitlab.freedesktop.org/slirp/libslirp/-/work_items/93
Resource:
exploit
Details not found