Showing 1 - 6 of 6

CVE-2021-3595

Status Candidate

Overview

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Related Files

Red Hat Security Advisory 2021-4191-03: Posted Nov 10, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-4191-03 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include information leakage and use-after-free vulnerabilities.; tags | advisory, kernel, vulnerability; systems | linux, redhat; advisories | CVE-2020-15859, CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595, CVE-2021-3631, CVE-2021-3667; SHA-256 | 64d7fbe0c9f1b5354e27b879038a2c6070838d3da6e94abfc2535d64c1665374; Download | Favorite | View

Ubuntu Security Notice USN-5009-2: Posted Oct 26, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5009-2 - USN-5009-1 fixed vulnerabilities in libslirp. This update provides the corresponding updates for Ubuntu 21.10. Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that libslirp incorrectly handled certain udp packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. Various other issues were also addressed.; tags | advisory, udp, vulnerability; systems | linux, ubuntu; advisories | CVE-2021-3592, CVE-2021-3595; SHA-256 | ce2d0a6dc03321b336b8d36625c5af6aa5d68903590a8cebdd7bc1782ec28808; Download | Favorite | View

Gentoo Linux Security Advisory 202107-44: Posted Jul 20, 2021; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202107-44 - Multiple vulnerabilities have been found in libslirp, the worst of which could result in a Denial of Service condition. Versions less than 4.6.0 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595; SHA-256 | dee28e78c3c84064553d065f12f818eca29b2e7320918e9a0274937706eee3e5; Download | Favorite | View

Ubuntu Security Notice USN-5010-1: Posted Jul 15, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5010-1 - Lei Sun discovered that QEMU incorrectly handled certain MMIO operations. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Wenxiang Qian discovered that QEMU incorrectly handled certain ATAPI commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 21.04. Various other issues were also addressed.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2020-15469, CVE-2020-29443, CVE-2020-35505, CVE-2020-35517, CVE-2021-20221, CVE-2021-20257, CVE-2021-3392, CVE-2021-3409, CVE-2021-3416, CVE-2021-3527, CVE-2021-3544, CVE-2021-3545, CVE-2021-3546, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595, CVE-2021-3608; SHA-256 | c4d63dc41ceb7caa0f49a3eacc4d8caaa17252efd4913df4a83ba610c5446f40; Download | Favorite | View

Ubuntu Security Notice USN-5009-1: Posted Jul 15, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5009-1 - Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that libslirp incorrectly handled certain udp packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. Various other issues were also addressed.; tags | advisory, udp; systems | linux, ubuntu; advisories | CVE-2020-29129, CVE-2021-3594, CVE-2021-3595; SHA-256 | 3df328646a71434fe2e1d5504ff218ec999fb6d3102937176e3146ec99041529; Download | Favorite | View

AKCP sensorProbe SPX476 Cross Site Scripting: Posted Jul 2, 2021; Authored by Tyler Butler | Site tbutler.org; AKCP sensorProbe SPX476 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; advisories | CVE-2021-35956; SHA-256 | 4b01f7cf128ccb5e814e42f93405c9bdc86368f52ff9931bc0701bebc03b59ae; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 236 files
Ubuntu 56 files
Debian 19 files
LiquidWorm 16 files
Apple 9 files
Gentoo 5 files
Alter Prime 3 files
Google Security Research 3 files
Pierre Kim 2 files
EQSTLab 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2021-3595

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems