CVE-2021-3593
LOWlibslirp < 4.6.0 - Uninitialized Pointer Access in udp6_input
Title source: llmDescription
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
References (7)
Core 7
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202107-44
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1970487
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210805-0004/
Scores
CVSS v3
3.8
EPSS
0.0033
EPSS Percentile
24.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-824
Status
published
Products (5)
debian/debian_linux
9.0
fedoraproject/fedora
33
fedoraproject/fedora
34
libslirp_project/libslirp
< 4.6.0
redhat/enterprise_linux
8.0 (2 CPE variants)
Published
Jun 15, 2021
Tracked Since
Feb 18, 2026