CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3592 – QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp)
https://notcve.org/view.php?id=CVE-2021-3592
15 Jun 2021 — An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1970484 • CWE-824: Access of Uninitialized Pointer •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3594 – QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp)
https://notcve.org/view.php?id=CVE-2021-3594
15 Jun 2021 — An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1970491 • CWE-824: Access of Uninitialized Pointer •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3593 – QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6)
https://notcve.org/view.php?id=CVE-2021-3593
15 Jun 2021 — An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1970487 • CWE-824: Access of Uninitialized Pointer •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3595 – QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp)
https://notcve.org/view.php?id=CVE-2021-3595
15 Jun 2021 — An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1970489 • CWE-824: Access of Uninitialized Pointer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29129 – QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets
https://notcve.org/view.php?id=CVE-2020-29129
26 Nov 2020 — ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. El archivo ncsi.c en libslirp versiones hasta 4.3.1, presenta una sobrescritura del búfer porque intenta leer una determinada cantidad de datos del encabezado inclusive si excede la longitud total del paquete An out-of-bounds access issue was found in the SLiRP user networking implementation of QEMU. It could occur while processing ARP/NCSI packets, i... • http://www.openwall.com/lists/oss-security/2020/11/27/1 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-29130 – QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets
https://notcve.org/view.php?id=CVE-2020-29130
26 Nov 2020 — slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. El archivo slirp.c en libslirp versiones hasta 4.3.1, presenta una sobrescritura del búfer porque intenta leer una determinada cantidad de datos del encabezado inclusive si excede la longitud total del paquete An out-of-bounds access issue was found in the SLiRP user networking implementation of QEMU. It could occur while processing ARP/NCSI packets,... • http://www.openwall.com/lists/oss-security/2020/11/27/1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-10756 – QEMU SLiRP Networking Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-10756
09 Jul 2020 — An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. Se encontró una vulnerabilidad de lectura fuera de límites en la implementación de red SLiRP del emulador QEMU. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-1983 – libslirp: use after free vulnerability cause a denial of service.
https://notcve.org/view.php?id=CVE-2020-1983
22 Apr 2020 — A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Una vulnerabilidad de uso de la memoria previamente liberada en la función ip_reass() en el archivo ip_input.c de libslirp versiones 4.2.0 y anteriores permite que paquetes especialmente diseñados causen una denegación de servicio. A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00022.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8608 – QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
https://notcve.org/view.php?id=CVE-2020-8608
06 Feb 2020 — In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. En libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, el archivo tcp_subr.c utiliza inapropiadamente los valores de retorno de snprintf, lo que conlleva a un desbordamiento del búfer en el código posterior. An out-of-bounds heap buffer access flaw was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in tcp_emu() routine while emulating ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7211
https://notcve.org/view.php?id=CVE-2020-7211
21 Jan 2020 — tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. El archivo tftp.c en libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, no impide el salto de directorio ..\ en Windows. • http://www.openwall.com/lists/oss-security/2020/01/17/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •