CVE-2021-3593
First published: Thu Jun 10 2021(Updated: )
An invalid pointer initialization issue was found in the SLiRP network ...
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/libslirp | <4.6.0 | 4.6.0 |
| libslirp | <4.6.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Fedora | =33 | |
| Red Hat Fedora | =34 | |
| Debian Linux | =9.0 | |
| debian/libslirp | 4.4.0-1+deb11u2 4.7.0-1 4.8.0-1 | |
| debian/qemu | 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u12 1:10.0.0~rc2+ds-2 1:10.0.0~rc3+ds-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1970487
- https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html
- https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://security.gentoo.org/glsa/202107-44
- https://security.netapp.com/advisory/ntap-20210805-0004/
- https://launchpad.net/bugs/cve/CVE-2021-3593
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7
- https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15d
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1972247
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1972250
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1972245
- https://access.redhat.com/errata/RHSA-2021:4191
- https://access.redhat.com/security/cve/cve-2021-3593
- https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
- https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b
- https://security-tracker.debian.org/tracker/CVE-2021-3593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3593
- https://nvd.nist.gov/vuln/detail/CVE-2021-3593
- https://ubuntu.com/security/CVE-2021-3593
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-3593.
What is the severity of CVE-2021-3593?
The severity of CVE-2021-3593 is low.
What is the affected software?
The affected software includes libslirp version up to exclusive 4.6.0, Redhat Enterprise Linux 8.0, Fedora 33 and 34, Debian Debian Linux 9.0, and various versions of Ubuntu and QEMU.
What is the description of CVE-2021-3593?
CVE-2021-3593 is an invalid pointer initialization issue found in the SLiRP networking implementation of QEMU, which could lead to out-of-bounds read access.
How do I fix CVE-2021-3593?
To fix CVE-2021-3593, update libslirp to version 4.6.1 or apply the necessary patches provided by the vendor.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3593
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/trending
- agent/last-modified-date
- agent/source
- agent/author
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/libslirp project
- canonical/libslirp
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/33
- version/red hat fedora/34
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- package-manager/debian