CVE-2021-3595
QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Se ha encontrado un problema de inicialización de puntero no válido en la implementación de redes SLiRP de QEMU. El fallo se presenta en la función tftp_input() y podría ocurrir mientras se procesa un paquete udp más pequeño que el tamaño de la estructura "tftp_t". Este problema puede conllevar a un acceso de lectura fuera de límites o a una divulgación indirecta de la memoria del host al invitado. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos. Este fallo afecta a libslirp versiones anteriores a 4.6.0
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-10 CVE Reserved
- 2021-06-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-824: Access of Uninitialized Pointer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210805-0004 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1970489 | 2021-11-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libslirp Project Search vendor "Libslirp Project" | Libslirp Search vendor "Libslirp Project" for product "Libslirp" | < 4.6.0 Search vendor "Libslirp Project" for product "Libslirp" and version " < 4.6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | advanced_virtualization |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||