阿里云漏洞库

漏洞描述

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://bugzilla.redhat.com/show_bug.cgi?id=1970491
https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202107-44
https://security.netapp.com/advisory/ntap-20210805-0004/

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	libslirp_project	libslirp	*		Up to (excluding) 4.6.0
	运行在以下环境
	系统	alibaba_cloud_linux_3	libnbd	*		Up to (excluding) 6.0.0-28.1.al8
	运行在以下环境
	系统	alma_linux_8	nss_hesiod	*		Up to (excluding) 2.28-164.el8
	运行在以下环境
	系统	alpine_3.14	libslirp	*		Up to (excluding) 4.6.0-r0
	运行在以下环境
	系统	alpine_3.15	libslirp	*		Up to (excluding) 4.6.0-r0
	运行在以下环境
	系统	alpine_3.16	libslirp	*		Up to (excluding) 4.6.0-r0
	运行在以下环境
	系统	alpine_3.17	libslirp	*		Up to (excluding) 4.6.0-r0
	运行在以下环境
	系统	alpine_3.18	libslirp	*		Up to (excluding) 4.6.0-r0
	运行在以下环境
	系统	alpine_3.19	libslirp	*		Up to (excluding) 4.6.0-r0
	运行在以下环境
	系统	amazon_2	apr	*		Up to (excluding) 1.7.2-1.amzn2
	运行在以下环境
	系统	amazon_2023	apr	*		Up to (excluding) 1.7.2-2.amzn2023.0.2
	运行在以下环境
	系统	debian_10	qemu	*		Up to (excluding) 3.1+dfsg-8+deb10u10
	运行在以下环境
	系统	debian_11	qemu	*		Up to (excluding) 4.4.0-1+deb11u2
	运行在以下环境
	系统	debian_12	qemu	*		Up to (excluding) 4.6.1-1
	运行在以下环境
	系统	fedora_33	nscd	*		Up to (excluding) 2.32-10.fc33
	运行在以下环境
	系统	fedora_34	nscd	*		Up to (excluding) 2.33-20.fc34
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	nscd	*		Up to (excluding) 2.28-36.p06.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	nscd	*		Up to (excluding) 2.28-49.p07.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	nscd	*		Up to (excluding) 2.28-36.p06.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	nscd	*		Up to (excluding) 2.28-49.p07.ky10
	运行在以下环境
	系统	opensuse_Leap_15.2	nscd	*		Up to (excluding) 2.26-lp152.26.9.1
	运行在以下环境
	系统	opensuse_Leap_15.3	nscd	*		Up to (excluding) 2.31-9.3.2
	运行在以下环境
	系统	opensuse_Leap_15.4	libslirp0	*		Up to (excluding) 4.3.1-150300.2.7.1
	运行在以下环境
	系统	oracle_7	qemu	*		Up to (excluding) 4.2.1-13.el7
	运行在以下环境
	系统	oracle_8	nscd	*		Up to (excluding) 2.28-164.0.1.el8
	运行在以下环境
	系统	redhat_8	nscd	*		Up to (excluding) 2.28-164.el8
	运行在以下环境
	系统	rocky_linux_8	nscd	*		Up to (excluding) 2.28-164.el8
	运行在以下环境
	系统	suse_12_SP5	xen	*		Up to (excluding) 4.12.4_12-3.49.1
	运行在以下环境
	系统	ubuntu_18.04	qemu	*		Up to (excluding) 2.11+dfsg-1ubuntu7.37
	运行在以下环境
	系统	ubuntu_20.04	libslirp	*		Up to (excluding) 4.1.0-2ubuntu2.2
	运行在以下环境
	系统	ubuntu_21.04	libslirp	*		Up to (excluding) 4.4.0-1ubuntu0.1
	运行在以下环境
系统	ubuntu_21.10	libslirp	*		Up to (excluding) 4.4.0-1ubuntu0.21.10.1
运行在以下环境
系统	ubuntu_22.04	libslirp	*		Up to (excluding) 4.6.1-1
运行在以下环境
系统	ubuntu_22.10	libslirp	*		Up to (excluding) 4.6.1-1

攻击路径

本地
攻击复杂度

容易
权限要求

普通权限
影响范围

越权影响
EXP成熟度

N/A
补丁情况

官方补丁
数据保密性

数据泄露
数据完整性

无影响
服务器危害

无影响
全网数量

N/A

CWE-ID	漏洞类型
CWE-824	使用未经初始化的指针

中危 libslirp_project libslirp 使用未经初始化的指针

漏洞描述

解决建议

参考链接

受影响软件情况