Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 523428 (CVE-2014-3640) - <app-emulation/qemu-2.1.2-r1: slirp: NULL pointer deref in sosendto() (CVE-2014-3640)
Summary: <app-emulation/qemu-2.1.2-r1: slirp: NULL pointer deref in sosendto() (CVE-20...
Alias: CVE-2014-3640
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2014-09-22 08:08 UTC by Agostino Sarubbo
Modified: 2014-12-08 22:48 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-09-22 08:08:37 UTC
From ${URL} :

When guest sends udp packet with source port and source addr 0,
uninitialized socket is picked up when looking for matching and already
created udp sockets, and later passed to sosendto() where NULL pointer
dereference is hit during so->slirp->vnetwork_mask.s_addr access.

Only guests using qemu user networking are affected.

Upstream patch submission:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-10-15 04:58:41 UTC
Setting Whiteboard back to ebuild, as 2.1.2 not in tree.
Comment 2 SpanKY gentoo-dev 2014-10-16 13:22:43 UTC
Commit message: Version bump
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-08 22:28:32 UTC
Added to existing GLSA draft
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-12-08 22:48:50 UTC
This issue was resolved and addressed in
 GLSA 201412-01 at
by GLSA coordinator Kristian Fiskerstrand (K_F).