CVE-2021-3593

CVSS v3.1

3.8

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions libslirp versions prior to 4.6.0

Description The issue is related to an invalid pointer initialization in the SLiRP networking implementation, specifically in the udp6 input() function. This occurs when processing UDP packets that are smaller than the udphdr structure, potentially leading to out-of-bounds read access or indirect host memory disclosure to the guest. The primary threat is to data confidentiality.

Recommendations For libslirp versions prior to 4.6.0, update to version 4.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the udp6 input() function until a patch is available.

Fix

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-824

Related Identifiers

ALSA-2021:4191

ALT-PU-2021-2279

ALT-PU-2022-3194

BDU:2022-05822

CESA-2021_4191

CVE-2021-3593

DLA-2970-1

DLA-3362-1

MGASA-2021-0480

OESA-2021-1411

OPENSUSE-SU-2021:1202-1

OPENSUSE-SU-2021:2474-1

OPENSUSE-SU-2021:2591-1

OPENSUSE-SU-2021_1202-1

OPENSUSE-SU-2021_2474-1

OPENSUSE-SU-2021_2591-1

OPENSUSE-SU-2022:2941-1

OPENSUSE-SU-2022_2941-1

RHSA-2021:4191

RHSA-2021_4191

RLSA-2021:4191

SUSE-SU-2021:2428-1

SUSE-SU-2021:2448-1

SUSE-SU-2021:2461-1

SUSE-SU-2021:2474-1

SUSE-SU-2021:2546-1

SUSE-SU-2021:2563-1

SUSE-SU-2021:2591-1

SUSE-SU-2022:2941-1

SUSE-SU-2022_2941-1

USN-5009-1

USN-5009-2

USN-5010-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Libslirp

CVE-2021-3593

Weakness Enumeration

Related Identifiers

Affected Products

References · 159