MGASA-2021-0480
- Source
- https://advisories.mageia.org/MGASA-2021-0480.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0480.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2021-0480
- Related
- Published
- 2021-10-20T21:28:32Z
- Modified
- 2021-10-20T20:57:10Z
- Summary
- Updated libslirp packages fix security vulnerability
- Details
-
Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU.
In the bootpinput() function while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3592)
In the udp6_input() function while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3593)
In the udp_input() function while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3594)
In the tftpinput() function while processing a udp packet that is smaller than the size of the 'tftpt' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3595)
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / libslirp
Package
- Name
- libslirp
- Purl
- pkg:rpm/mageia/libslirp?distro=mageia-8