CVE-2021-3592 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU before version 4.6.0. The flaw exists in the bootp_input() function and could occur while processing a UDP packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2073	libslirp	4.5.0-1	4.6.0-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
22 Jun 2021	ASA-202106-49	AVG-2073	libslirp	Medium	information disclosure

References
https://bugzilla.redhat.com/show_bug.cgi?id=1970484 https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c

References

https://bugzilla.redhat.com/show_bug.cgi?id=1970484
https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c