CVE-2021-3592

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3592

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3592.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-3592

Related

Published

2021-06-15T21:15:09Z

Modified

2025-04-27T03:08:59.312030Z

Downstream

RHSA-2021:4191

DLA-3362-1

Severity

3.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput() function and could occur while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

References

Affected packages

Debian:11 / libslirp

Package

Name: libslirp
Purl: pkg:deb/debian/libslirp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.0-1+deb11u2

Affected versions

4.*

4.4.0-1

4.4.0-1+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libslirp

Package

Name: libslirp
Purl: pkg:deb/debian/libslirp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libslirp

Package

Name: libslirp
Purl: pkg:deb/debian/libslirp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / qemu

Package

Name: qemu
Purl: pkg:deb/debian/qemu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}