Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2021-3595
HistoryJun 15, 2021 - 9:15 p.m.

CVE-2021-3595

2021-06-1521:15:00
Debian Security Bug Tracker
security-tracker.debian.org
21

0.0005 Low

EPSS

Percentile

15.8%

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the ‘tftp_t’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.