CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3595 – QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp)
https://notcve.org/view.php?id=CVE-2021-3595
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1970489 https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI https://security.gentoo.org/glsa/202107-44 https://security.netapp.com/advisory/ntap& • CWE-824: Access of Uninitialized Pointer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-34693
https://notcve.org/view.php?id=CVE-2021-34693
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. El archivo net/can/bcm.c en el kernel de Linux versiones hasta 5.12.10, permite a usuarios locales obtener información confidencial de la memoria de la pila del kernel porque partes de una estructura de datos no están inicializadas • http://www.openwall.com/lists/oss-security/2021/06/15/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T https://ww • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27345
https://notcve.org/view.php?id=CVE-2021-27345
A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. Se detectó una desviación de puntero null en la función ucompthread en el archivo stream.c en Irzip versión 0.631 que permite a atacantes causar una denegación de servicio (DOS) por medio de un archivo comprimido diseñado • https://github.com/ckolivas/lrzip/issues/164 https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-25467
https://notcve.org/view.php?id=CVE-2020-25467
A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file. Se detectó una desviación de puntero null en la función lzo_decompress_buf en el archivo stream.c en Irzip versión 0.621 que permite a un atacante causar una denegación de servicio (DOS) por medio de un archivo comprimido diseñado • https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641 https://github.com/ckolivas/lrzip/issues/163 https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27347
https://notcve.org/view.php?id=CVE-2021-27347
Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. Un uso de memoria previamente liberada en la función lzma_decompress_buf en el archivo stream.c en Irzip versión 0.631 permite a atacantes causar una denegación de servicio (DoS) por medio de un archivo comprimido diseñado • https://github.com/ckolivas/lrzip/issues/165 https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html • CWE-416: Use After Free •