2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.2%
An invalid pointer initialization issue was found in the SLiRP networking
implementation of QEMU. The flaw exists in the bootp_input() function and
could occur while processing a udp packet that is smaller than the size of
the ‘bootp_t’ structure. A malicious guest could use this flaw to leak 10
bytes of uninitialized heap memory from the host. The highest threat from
this vulnerability is to data confidentiality. This flaw affects libslirp
versions prior to 4.6.0.
Author | Note |
---|---|
mdeslaur | patches for this introduced a regression that was fixed in 4.6.1 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | libslirp | < 4.1.0-2ubuntu2.2 | UNKNOWN |
ubuntu | 20.10 | noarch | libslirp | < 4.3.1-1ubuntu0.1 | UNKNOWN |
ubuntu | 21.04 | noarch | libslirp | < 4.4.0-1ubuntu0.1 | UNKNOWN |
ubuntu | 21.10 | noarch | libslirp | < 4.4.0-1ubuntu0.21.10.1 | UNKNOWN |
ubuntu | 22.04 | noarch | libslirp | < 4.6.1-1 | UNKNOWN |
ubuntu | 22.10 | noarch | libslirp | < 4.6.1-1 | UNKNOWN |
ubuntu | 23.04 | noarch | libslirp | < 4.6.1-1 | UNKNOWN |
ubuntu | 23.10 | noarch | libslirp | < 4.6.1-1 | UNKNOWN |
ubuntu | 24.04 | noarch | libslirp | < 4.6.1-1 | UNKNOWN |
ubuntu | 18.04 | noarch | qemu | < 1:2.11+dfsg-1ubuntu7.37 | UNKNOWN |
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.2%