摘要:
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the udphdr structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
安全等级: Low
公告ID: KylinSec-SA-2022-1545
发布日期: 2022年6月20日
关联CVE: CVE-2021-3594
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the udphdr structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-3594 | KY3.4-4A | libslirp | Unaffected |
| CVE-2021-3594 | KY3.4-5 | libslirp | Unaffected |
| CVE-2021-3594 | KY3.5.1 | libslirp | Unaffected |
