An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp prior to 4.3.1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libslirp project libslirp |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux 8.0 |
||
redhat openstack 13 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 20.04 |
||
canonical ubuntu linux 16.04 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
opensuse leap 15.0 |
||
opensuse leap 15.1 |