Home > Vulnerability Database > CVE-2021-3592

Mend.io Vulnerability Database

CVE-2021-3592

Good to know:

Date: June 14, 2021

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Language: C

Severity Score

3.8

Related Resources (16)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3592

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/

Url: https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html

Url: https://security-tracker.debian.org/tracker/CVE-2021-3592

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1970484

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/

Url: https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html

Url: https://security.alpinelinux.org/vuln/CVE-2021-3592

Url: https://security.gentoo.org/glsa/202107-44

Url: https://security.netapp.com/advisory/ntap-20210805-0004/

Url: https://access.redhat.com/security/cve/CVE-2021-3592

Url: https://lists.debian.org/debian-lts-announce/2021/09/msg00004.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3592

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/

Url: https://www.mend.io/vulnerability-database/CVE-2021-3592

Severity Score

3.8

Weakness Type (CWE)

Access of Uninitialized Pointer

CWE-824

Top Fix

Upgrade Version

Upgrade to version v4.6.0

Learn More

CVSS v3.1

Base Score:	3.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3592

Good to know:

Date: June 14, 2021

Language: C

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?