CVE-2021-3594

NameCVE-2021-3594
DescriptionAn invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2753-1, DLA-3362-1, ELA-481-1
Debian Bugs989995

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libslirp (PTS)bullseye4.4.0-1+deb11u2fixed
bookworm4.7.0-1fixed
sid, trixie4.8.0-1fixed
qemu (PTS)jessie, jessie (lts)1:2.1+dfsg-12+deb8u23fixed
stretch (security)1:2.8+dfsg-6+deb9u17fixed
stretch (lts), stretch1:2.8+dfsg-6+deb9u19fixed
buster (security), buster, buster (lts)1:3.1+dfsg-8+deb10u12fixed
bullseye1:5.2+dfsg-11+deb11u3fixed
bullseye (security)1:5.2+dfsg-11+deb11u2fixed
bookworm1:7.2+dfsg-7+deb12u7fixed
sid, trixie1:9.1.1+ds-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libslirpsourcebullseye4.4.0-1+deb11u2
libslirpsource(unstable)4.6.1-1989995
qemusourcejessie1:2.1+dfsg-12+deb8u21ELA-481-1
qemusourcestretch1:2.8+dfsg-6+deb9u15DLA-2753-1
qemusourcebuster1:3.1+dfsg-8+deb10u10DLA-3362-1
qemusource(unstable)1:4.1-2

Notes

https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0)
qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.

Search for package or bug name: Reporting problems