Libslirp
CVE-2021-3593
LOW
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
AnalysisAI
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-824. An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. Affected products include: Libslirp Project Libslirp, Redhat Enterprise Linux, Fedoraproject Fedora, Debian Debian Linux. Version information: prior to 4.6.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets t
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a cas
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even i
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severit
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Rated high severity (CVSS 7.5), t
Out-of-bounds heap read and integer underflow in libslirp's TCP urgent data handler (sosendoob) exposes gigabytes of hos
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in lat
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands i
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CV
Same weakness CWE-824 – Access of Uninitialized Pointer
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today