{"id":"USN-5009-1","summary":"libslirp vulnerabilities","details":"Qiuhao Li discovered that libslirp incorrectly handled certain header data\nlengths. An attacker inside a guest could possibly use this issue to leak\nsensitive information from the host. This issue only affected Ubuntu 20.04\nLTS and Ubuntu 20.10. (CVE-2020-29129, CVE-2020-29130)\n\nIt was discovered that libslirp incorrectly handled certain udp packets. An\nattacker inside a guest could possibly use this issue to leak sensitive\ninformation from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594,\nCVE-2021-3595)\n","modified":"2026-02-10T04:42:16Z","published":"2021-07-15T17:23:21Z","related":["UBUNTU-CVE-2020-29129","UBUNTU-CVE-2020-29130","UBUNTU-CVE-2021-3592","UBUNTU-CVE-2021-3593","UBUNTU-CVE-2021-3594","UBUNTU-CVE-2021-3595"],"upstream":["CVE-2020-29129","CVE-2020-29130","CVE-2021-3592","CVE-2021-3593","CVE-2021-3594","CVE-2021-3595","UBUNTU-CVE-2020-29129","UBUNTU-CVE-2020-29130","UBUNTU-CVE-2021-3592","UBUNTU-CVE-2021-3593","UBUNTU-CVE-2021-3594","UBUNTU-CVE-2021-3595"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5009-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-29129"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-29130"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3592"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3593"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3594"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3595"}],"affected":[{"package":{"name":"libslirp","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/libslirp@4.1.0-2ubuntu2.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.0-2ubuntu2.2"}]}],"versions":["4.0.0-1","4.0.0-2","4.1.0-1","4.1.0-2","4.1.0-2ubuntu1","4.1.0-2ubuntu2","4.1.0-2ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libslirp-dev","binary_version":"4.1.0-2ubuntu2.2"},{"binary_name":"libslirp0","binary_version":"4.1.0-2ubuntu2.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2020-29129","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2020-29130","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-3592","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-3593","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-3594","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-3595","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5009-1.json"}}],"schema_version":"1.7.3"}