#VU54311 Release of invalid pointer or reference in libslirp - CVE-2021-3595

Cybersecurity Help s.r.o.

Published: 2021-06-22

Vulnerability identifier: #VU54311

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3595

CWE-ID: CWE-763

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
libslirp
Universal components / Libraries / Libraries used by multiple products

Vendor: Freedesktop.org

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the tftp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libslirp: 0.6.0 - 4.5.0

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1970489

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for libslirp

Red Hat Enterprise Linux 8 update for the virt:rhel and virt-devel:rhel modules

openEuler update for qemu

Ubuntu update for libslirp

SUSE update for qemu

Gentoo update for libslirp