CVE-2021-3593 - log back

CVE-2021-3593 edited at 22 Jun 2021 08:55:00
Description
- An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. This flaw affects libslirp versions prior to 4.6.0.
+ An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU before version 4.6.0. The flaw exists in the udp6_input() function and could occur while processing a UDP packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest.
CVE-2021-3593 edited at 15 Jun 2021 21:49:09
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. This flaw affects libslirp versions prior to 4.6.0.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1970487
+ https://gitlab.freedesktop.org/slirp/libslirp/-/issues/45
+ https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
+ https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b
Notes
CVE-2021-3593 created at 15 Jun 2021 21:45:50