CVE-2021-3595

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Published: Jun 15, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-3595
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.8
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-824

Affected Software
References

Software	From	Fixed in
libslirp_project / libslirp	-	4.6.0
redhat / enterprise_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x

https://bugzilla.redhat.com/show_bug.cgi?id=1970489
https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
https://lists.fedoraproject.org/archives/list/[email protected]/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
https://security.gentoo.org/glsa/202107-44
https://security.netapp.com/advisory/ntap-20210805-0004/

Vulnerability Database

289,689

CVE-2021-3595