Skip to main content

Libslirp

14 CVEs product

Monthly

CVE-2026-9539 MEDIUM PATCH This Month

Out-of-bounds heap read and integer underflow in libslirp's TCP urgent data handler (sosendoob) exposes gigabytes of host process heap memory to a privileged guest VM attacker. All libslirp releases before v4.9.2, as embedded in hypervisors such as QEMU, are affected when guest workloads hold root or CAP_NET_RAW privileges. No public exploit has been identified and the vulnerability is not listed in CISA KEV, but the cross-VM-boundary scope change (S:C) and high confidentiality impact make this a material risk in multi-tenant or shared virtualization environments.

Buffer Overflow Information Disclosure Libslirp Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-3595 LOW PATCH Monitor

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Libslirp Enterprise Linux Debian Linux +1
NVD
CVSS 3.1
3.8
EPSS
0.3%
CVE-2021-3594 LOW PATCH Monitor

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Libslirp Enterprise Linux Debian Linux +1
NVD
CVSS 3.1
3.8
EPSS
0.3%
CVE-2021-3593 LOW PATCH Monitor

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Libslirp Enterprise Linux Fedora +1
NVD
CVSS 3.1
3.8
EPSS
0.3%
CVE-2021-3592 LOW PATCH Monitor

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Memory Corruption Information Disclosure Libslirp Enterprise Linux Debian Linux +1
NVD
CVSS 3.1
3.8
EPSS
0.3%
CVE-2020-29130 MEDIUM POC This Month

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libslirp Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2020-29129 MEDIUM This Month

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libslirp Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-10756 MEDIUM PATCH This Month

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Libslirp Openstack Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1983 MEDIUM POC PATCH This Month

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Libslirp Fedora +3
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2020-8608 MEDIUM PATCH This Month

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libslirp Debian Linux Leap
NVD
CVSS 3.1
5.6
EPSS
2.5%
CVE-2020-7211 HIGH PATCH This Week

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Libslirp Qemu
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-7039 MEDIUM PATCH This Month

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Libslirp Qemu +2
NVD
CVSS 3.1
5.6
EPSS
3.6%
CVE-2019-15890 HIGH PATCH This Week

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Libslirp Qemu
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-14378 HIGH POC PATCH THREAT This Week

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Libslirp
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.7%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds heap read and integer underflow in libslirp's TCP urgent data handler (sosendoob) exposes gigabytes of host process heap memory to a privileged guest VM attacker. All libslirp releases before v4.9.2, as embedded in hypervisors such as QEMU, are affected when guest workloads hold root or CAP_NET_RAW privileges. No public exploit has been identified and the vulnerability is not listed in CISA KEV, but the cross-VM-boundary scope change (S:C) and high confidentiality impact make this a material risk in multi-tenant or shared virtualization environments.

Buffer Overflow Information Disclosure Libslirp +1
NVD VulDB
EPSS 0% CVSS 3.8
LOW PATCH Monitor

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Libslirp +3
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Libslirp +3
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Libslirp +3
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Memory Corruption Information Disclosure Libslirp +3
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libslirp +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libslirp +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Libslirp +5
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +5
NVD
EPSS 2% CVSS 5.6
MEDIUM PATCH This Month

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libslirp Debian Linux +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Libslirp +1
NVD
EPSS 4% CVSS 5.6
MEDIUM PATCH This Month

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +4
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +2
NVD
EPSS 17% CVSS 8.8
HIGH POC PATCH THREAT This Week

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Libslirp
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy