CVE-2021-3594

NameCVE-2021-3594
DescriptionAn invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs989995

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libslirp (PTS)bullseye, sid4.4.0-1vulnerable
qemu (PTS)stretch1:2.8+dfsg-6+deb9u9vulnerable
stretch (security)1:2.8+dfsg-6+deb9u14vulnerable
buster, buster (security)1:3.1+dfsg-8+deb10u8vulnerable
bullseye, sid1:5.2+dfsg-11fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libslirpsource(unstable)(unfixed)989995
qemusource(unstable)1:4.1-2

Notes

[bullseye] - libslirp <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <no-dsa> (Minor issue)
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0)
qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.

Search for package or bug name: Reporting problems