libslirp_project CVE Vulnerabilities & Metrics

Focus on libslirp_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About libslirp_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with libslirp_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total libslirp_project CVEs: 13
Earliest CVE date: 29 Jul 2019, 11:15 UTC
Latest CVE date: 15 Jun 2021, 21:15 UTC

Latest CVE reference: CVE-2021-3595

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical libslirp_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.9

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	7
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS libslirp_project CVEs

These are the five CVEs with the highest CVSS scores for libslirp_project, sorted by severity first and recency.

CVE-2020-8608 libslirp_project Published on 06 Feb 2020, 17:15 UTC (CVSS: 6.8)
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2020-7039 libslirp_project Published on 16 Jan 2020, 23:15 UTC (CVSS: 6.8)
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
CVE-2019-14378 libslirp_project Published on 29 Jul 2019, 11:15 UTC (CVSS: 6.5)
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
CVE-2020-7211 libslirp_project Published on 21 Jan 2020, 17:15 UTC (CVSS: 5.0)
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
CVE-2019-15890 libslirp_project Published on 06 Sep 2019, 17:15 UTC (CVSS: 5.0)
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

All CVEs for libslirp_project

CVE-2021-3595 libslirp_project vulnerability CVSS: 2.1 15 Jun 2021, 21:15 UTC

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

CVE-2021-3594 libslirp_project vulnerability CVSS: 2.1 15 Jun 2021, 21:15 UTC

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

CVE-2021-3593 libslirp_project vulnerability CVSS: 2.1 15 Jun 2021, 21:15 UTC

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

CVE-2021-3592 libslirp_project vulnerability CVSS: 2.1 15 Jun 2021, 21:15 UTC

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

CVE-2020-29130 libslirp_project vulnerability CVSS: 4.0 26 Nov 2020, 20:15 UTC

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

CVE-2020-29129 libslirp_project vulnerability CVSS: 4.0 26 Nov 2020, 20:15 UTC

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

CVE-2020-10756 libslirp_project vulnerability CVSS: 2.1 09 Jul 2020, 16:15 UTC

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

CVE-2020-1983 libslirp_project vulnerability CVSS: 2.1 22 Apr 2020, 20:15 UTC

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

CVE-2020-8608 libslirp_project vulnerability CVSS: 6.8 06 Feb 2020, 17:15 UTC

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

CVE-2020-7211 libslirp_project vulnerability CVSS: 5.0 21 Jan 2020, 17:15 UTC

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.

CVE-2020-7039 libslirp_project vulnerability CVSS: 6.8 16 Jan 2020, 23:15 UTC

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.

CVE-2019-15890 libslirp_project vulnerability CVSS: 5.0 06 Sep 2019, 17:15 UTC

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

CVE-2019-14378 libslirp_project vulnerability CVSS: 6.5 29 Jul 2019, 11:15 UTC

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.