Lucene search

UbuntuUSN-5009-2

HistoryOct 26, 2021 - 12:00 a.m.

libslirp vulnerabilities

2021-10-2600:00:00

ubuntu.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

Releases

Ubuntu 21.10

Packages

libslirp - General purpose TCP-IP emulator library

Details

USN-5009-1 fixed vulnerabilities in libslirp. This update provides the
corresponding updates for Ubuntu 21.10.

Original advisory details:

Qiuhao Li discovered that libslirp incorrectly handled certain header data
lengths. An attacker inside a guest could possibly use this issue to leak
sensitive information from the host. This issue only affected Ubuntu 20.04
LTS and Ubuntu 20.10. (CVE-2020-29129, CVE-2020-29130)

It was discovered that libslirp incorrectly handled certain udp packets. An
attacker inside a guest could possibly use this issue to leak sensitive
information from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594,
CVE-2021-3595)

OSVersionArchitecturePackageVersionFilename
Ubuntu21.10noarchlibslirp0< 4.4.0-1ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchlibslirp-dev< 4.4.0-1ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchlibslirp0-dbgsym< 4.4.0-1ubuntu0.21.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	21.10	noarch	libslirp0	< 4.4.0-1ubuntu0.21.10.1	UNKNOWN
Ubuntu	21.10	noarch	libslirp-dev	< 4.4.0-1ubuntu0.21.10.1	UNKNOWN
Ubuntu	21.10	noarch	libslirp0-dbgsym	< 4.4.0-1ubuntu0.21.10.1	UNKNOWN