Search CVE reports
1 – 10 of 13 results
CVE-2021-3595
Low priorityAn invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the...
2 affected packages
libslirp, qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Ignored |
qemu | Not affected | Not affected | Not affected | Fixed | Not affected |
CVE-2021-3594
Low priorityAn invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the...
2 affected packages
libslirp, qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Ignored |
qemu | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2021-3593
Low prioritySome fixes available 11 of 13
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the...
2 affected packages
libslirp, qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Ignored |
qemu | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2021-3592
Low priorityAn invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the...
2 affected packages
libslirp, qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Ignored |
qemu | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2020-29130
Low priorityslirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
3 affected packages
libslirp, qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | — | Not affected | Fixed | Not in release | Not in release |
qemu | — | Not affected | Not affected | Not affected | Not affected |
qemu-kvm | — | Not in release | Not in release | Not in release | Not in release |
CVE-2020-29129
Low priorityncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
3 affected packages
libslirp, qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Not affected | Not affected | Fixed | Not in release | Not in release |
qemu | Not affected | Not affected | Not affected | Not affected | Not affected |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-10756
Medium prioritySome fixes available 2 of 5
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This...
4 affected packages
libslirp, qemu, qemu-kvm, slirp4netns
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Not affected | Not affected | Fixed | Not in release | Not in release |
qemu | Not affected | Not affected | Not affected | Fixed | Not affected |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
slirp4netns | Not affected | Not affected | Vulnerable | Not in release | Not in release |
CVE-2020-1983
Medium prioritySome fixes available 14 of 16
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
4 affected packages
libslirp, qemu, qemu-kvm, slirp4netns
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Not in release |
qemu | Not affected | Not affected | Not affected | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
slirp4netns | Not affected | Not affected | Needs evaluation | Not in release | Not in release |
CVE-2020-8608
Medium prioritySome fixes available 17 of 30
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
5 affected packages
libslirp, qemu, qemu-kvm, slirp, slirp4netns
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Not in release |
qemu | Not affected | Not affected | Not affected | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
slirp | Vulnerable | Vulnerable | Vulnerable | Fixed | Fixed |
slirp4netns | Not affected | Not affected | Needs evaluation | Not in release | Not in release |
CVE-2020-7211
Medium prioritytftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
3 affected packages
libslirp, qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | — | — | — | Not in release | Not in release |
qemu | — | — | — | Not affected | Not affected |
qemu-kvm | — | — | — | Not in release | Not in release |