{"id":"MGASA-2021-0480","summary":"Updated libslirp packages fix security vulnerability","details":"Invalid pointer initialization issues were found in the SLiRP networking\nimplementation of QEMU.\n\nIn the bootp_input() function while processing a udp packet that is smaller\nthan the size of the 'bootp_t' structure. A malicious guest could use this\nflaw to leak 10 bytes of uninitialized heap memory from the host. The\nhighest threat from this vulnerability is to data confidentiality. This\nflaw affects libslirp versions prior to 4.6.0. (CVE-2021-3592)\n\nIn the udp6_input() function while processing a udp packet that is smaller\nthan the size of the 'udphdr' structure. This issue may lead to out-of-bounds\nread access or indirect host memory disclosure to the guest. The highest\nthreat from this vulnerability is to data confidentiality. This flaw affects\nlibslirp versions prior to 4.6.0. (CVE-2021-3593)\n\nIn the udp_input() function while processing a udp packet that is smaller\nthan the size of the 'udphdr' structure. This issue may lead to out-of-bounds\nread access or indirect host memory disclosure to the guest. The highest\nthreat from this vulnerability is to data confidentiality. This flaw affects\nlibslirp versions prior to 4.6.0. (CVE-2021-3594)\n\nIn the tftp_input() function while processing a udp packet that is smaller\nthan the size of the 'tftp_t' structure. This issue may lead to out-of-bounds\nread access or indirect host memory disclosure to the guest. The highest\nthreat from this vulnerability is to data confidentiality. This flaw affects\nlibslirp versions prior to 4.6.0. (CVE-2021-3595)\n","modified":"2026-02-04T03:20:04.571912Z","published":"2021-10-20T21:28:32Z","related":["CVE-2021-3592","CVE-2021-3593","CVE-2021-3594","CVE-2021-3595"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0480.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29219"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"}],"affected":[{"package":{"name":"libslirp","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libslirp?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0480.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}