CVE-2021-3593

An invalid pointer initialization issue was found in the SLiRP networking
implementation of QEMU. The flaw exists in the udp6_input() function and
could occur while processing a udp packet that is smaller than the size of
the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or
indirect host memory disclosure to the guest. The highest threat from this
vulnerability is to data confidentiality. This flaw affects libslirp
versions prior to 4.6.0.

Bugs

• <https://bugzilla.redhat.com/show_bug.cgi?id=1970487&gt;
• <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989994&gt;