CVE-2021-3595

An invalid pointer initialization issue was found in the SLiRP networking
implementation of QEMU. The flaw exists in the tftp_input() function and
could occur while processing a udp packet that is smaller than the size of
the ‘tftp_t’ structure. This issue may lead to out-of-bounds read access or
indirect host memory disclosure to the guest. The highest threat from this
vulnerability is to data confidentiality. This flaw affects libslirp
versions prior to 4.6.0.

Bugs

• <https://bugzilla.redhat.com/show_bug.cgi?id=1970489&gt;
• <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989996&gt;