hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. CREATE(Triage):(User=admin) CVE-2020-11102 (https://nvd.nist.gov/vuln/detail/CVE-2020-11102)