CVE-2021-3594 - log back

CVE-2021-3594 edited at 22 Jun 2021 08:55:11
Description
- An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. This flaw affects libslirp versions prior to 4.6.0.
+ An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU before version 4.6.0. The flaw exists in the udp_input() function and could occur while processing a UDP packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest.
CVE-2021-3594 edited at 15 Jun 2021 21:50:20
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. This flaw affects libslirp versions prior to 4.6.0.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1970491
+ https://gitlab.freedesktop.org/slirp/libslirp/-/issues/47
+ https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
+ https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824
Notes
CVE-2021-3594 created at 15 Jun 2021 21:45:50