2 matches found
QEMU: slirp: heap buffer overflow during packet reassembly
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat buffer. An attacker could use this flaw to crash the QEMU process on the...
UBUNTU-CVE-2014-3640
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a UDP packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket...