CVE-2021-3595 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU before version 4.6.0. The flaw exists in the tftp_input() function and could occur while processing a UDP packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2073	libslirp	4.5.0-1	4.6.0-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
22 Jun 2021	ASA-202106-49	AVG-2073	libslirp	Medium	information disclosure

References
https://bugzilla.redhat.com/show_bug.cgi?id=1970489 https://gitlab.freedesktop.org/slirp/libslirp/-/issues/46 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30

References

https://bugzilla.redhat.com/show_bug.cgi?id=1970489
https://gitlab.freedesktop.org/slirp/libslirp/-/issues/46
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30