Libslirp Security Vulnerabilities and Issues — Libslirp CVE List

Lucene search

Libslirp ProjectLibslirp

13 matches found

CVE•added 2020/07/09 4:15 p.m.•493 views

CVE-2020-10756

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, r...

6.5CVSS5.9AI score0.00036EPSS

CVE•added 2020/04/22 8:15 p.m.•474 views

CVE-2020-1983

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

7.5CVSS7AI score0.00141EPSS

CVE•added 2020/01/16 11:15 p.m.•461 views

CVE-2020-7039

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.

6.8CVSS6.7AI score0.0102EPSS

CVE•added 2019/07/29 11:15 a.m.•381 views

CVE-2019-14378

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

8.8CVSS7.4AI score0.09093EPSS

CVE•added 2021/06/15 9:15 p.m.•379 views

CVE-2021-3593

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or i...

3.8CVSS5AI score0.00018EPSS

CVE•added 2019/09/06 5:15 p.m.•377 views

CVE-2019-15890

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

7.5CVSS7.5AI score0.0036EPSS

CVE•added 2020/02/06 5:15 p.m.•366 views

CVE-2020-8608

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

6.8CVSS6.5AI score0.01962EPSS

CVE•added 2021/06/15 9:15 p.m.•313 views

CVE-2021-3592

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 by...

3.8CVSS5.3AI score0.00021EPSS

CVE•added 2020/11/26 8:15 p.m.•303 views

CVE-2020-29130

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

4.3CVSS6.1AI score0.00426EPSS

CVE•added 2021/06/15 9:15 p.m.•271 views

CVE-2021-3595

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or i...

3.8CVSS5.2AI score0.00018EPSS

CVE•added 2021/06/15 9:15 p.m.•262 views

CVE-2021-3594

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or in...

3.8CVSS5.2AI score0.00018EPSS

CVE•added 2020/11/26 8:15 p.m.•250 views

CVE-2020-29129

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

4.3CVSS5.8AI score0.0022EPSS

CVE•added 2020/01/21 5:15 p.m.•67 views

CVE-2020-7211

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.

7.5CVSS7.2AI score0.00498EPSS