CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3593 – QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6)
https://notcve.org/view.php?id=CVE-2021-3593
15 Jun 2021 — An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1970487 • CWE-824: Access of Uninitialized Pointer •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3595 – QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp)
https://notcve.org/view.php?id=CVE-2021-3595
15 Jun 2021 — An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1970489 • CWE-824: Access of Uninitialized Pointer •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3592 – QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp)
https://notcve.org/view.php?id=CVE-2021-3592
15 Jun 2021 — An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1970484 • CWE-824: Access of Uninitialized Pointer •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3594 – QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp)
https://notcve.org/view.php?id=CVE-2021-3594
15 Jun 2021 — An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1970491 • CWE-824: Access of Uninitialized Pointer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29129 – QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets
https://notcve.org/view.php?id=CVE-2020-29129
26 Nov 2020 — ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. El archivo ncsi.c en libslirp versiones hasta 4.3.1, presenta una sobrescritura del búfer porque intenta leer una determinada cantidad de datos del encabezado inclusive si excede la longitud total del paquete An out-of-bounds access issue was found in the SLiRP user networking implementation of QEMU. It could occur while processing ARP/NCSI packets, i... • http://www.openwall.com/lists/oss-security/2020/11/27/1 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-29130 – QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets
https://notcve.org/view.php?id=CVE-2020-29130
26 Nov 2020 — slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. El archivo slirp.c en libslirp versiones hasta 4.3.1, presenta una sobrescritura del búfer porque intenta leer una determinada cantidad de datos del encabezado inclusive si excede la longitud total del paquete An out-of-bounds access issue was found in the SLiRP user networking implementation of QEMU. It could occur while processing ARP/NCSI packets,... • http://www.openwall.com/lists/oss-security/2020/11/27/1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-10756 – QEMU SLiRP Networking Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-10756
09 Jul 2020 — An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. Se encontró una vulnerabilidad de lectura fuera de límites en la implementación de red SLiRP del emulador QEMU. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-1983 – libslirp: use after free vulnerability cause a denial of service.
https://notcve.org/view.php?id=CVE-2020-1983
22 Apr 2020 — A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Una vulnerabilidad de uso de la memoria previamente liberada en la función ip_reass() en el archivo ip_input.c de libslirp versiones 4.2.0 y anteriores permite que paquetes especialmente diseñados causen una denegación de servicio. A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00022.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15890 – QEMU: Slirp: use-after-free during packet reassembly
https://notcve.org/view.php?id=CVE-2019-15890
06 Sep 2019 — libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. libslirp versión 4.0.0, como es usado en QEMU versión 4.1.0, presenta un uso de la memoria previamente liberada en la función ip_reass en el archivo ip_input.c. A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this f... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 10%CPEs: 1EXPL: 2CVE-2019-14378 – QEMU - Denial of Service
https://notcve.org/view.php?id=CVE-2019-14378
29 Jul 2019 — ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. La función ip_reass en el archivo ip_input.c en libslirp versión 4.0.0, presenta un desbordamiento de búfer en la región heap de la memoria por medio de un paquete largo debido a que maneja inapropiadamente un caso que involucra el primer fragmento. A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw ... • https://packetstorm.news/files/id/154269 • CWE-122: Heap-based Buffer Overflow CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •