CVE-2021-3593

NameCVE-2021-3593
DescriptionAn invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs989994

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libslirp (PTS)bullseye4.4.0-1+deb11u2fixed
bookworm, sid4.6.1-1fixed
qemu (PTS)stretch1:2.8+dfsg-6+deb9u9vulnerable
stretch (security)1:2.8+dfsg-6+deb9u16vulnerable
buster, buster (security)1:3.1+dfsg-8+deb10u8vulnerable
bullseye1:5.2+dfsg-11fixed
bullseye (security)1:5.2+dfsg-11+deb11u1fixed
bookworm1:6.1+dfsg-6fixed
sid1:6.1+dfsg-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libslirpsourcebullseye4.4.0-1+deb11u2
libslirpsource(unstable)4.6.1-1989994
qemusource(unstable)1:4.1-2

Notes

[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <no-dsa> (Minor issue)
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b (v4.6.0)
qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.

Search for package or bug name: Reporting problems