Description
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
An out-of-bounds access issue was found in the SLiRP user networking implementation of QEMU. It could occur while processing ARP/NCSI packets, if the packet length was shorter than required to accommodate respective protocol headers and payload. A privileged guest user may use this flaw to potentially leak host information bytes.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Out of support scope | | |
| Red Hat Enterprise Linux 5 | xen | Not affected | | |
| Red Hat Enterprise Linux 6 | qemu-kvm | Out of support scope | | |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fix deferred | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Fix deferred | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Fix deferred | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.3/qemu-kvm | Affected | | |
| Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2021:1762 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | virt | Fixed | RHSA-2021:1762 | 18.05.2021 |
Additional information
Status:
EPSS
2.5 Low
CVSS3
Related vulnerabilities
A vulnerability in the src/ncsi.c component of the Libslirp TCP-IP emulator that allows an attacker to gain access to confidential data