https://security-tracker.debian.org/tracker/CVE-2020-10756
slirp: networking out-of-bounds read information disclosure vulnerability
Fixed in libslirp v4.3.1. https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/44
The issue is specific to IPv6 mode (slirp4netns -6), which isn't used at all by Podman/Docker and yet had been actually broken since v0.3.0-alpha.0 (4db5ef6).
So, nobody is likely to be actually affected.
slirp4netns v1.X.X (dynamically linked with libslirp)
slirp4netns v1.0.0-v1.1.1 is NOT affected regardless of the libslirp version, because the IPv6 support was broken.
slirp4netns v1.1.2 might be affected depending on the libslirp version.
Run slirp4netns --version to show the libslirp version linked with your slirp4netns binary.
$ slirp4netns --version
slirp4netns version 1.1.2
commit: 0806e04b1f786070cc1695d7f9b6abd43862bb5a
libslirp: 4.3.1
SLIRP_CONFIG_VERSION_MAX: 3
If your libslirp version is >= 4.3.1, you are not affected.
Otherwise, you need to update libslirp to v4.3.1, but there is no need to update slirp4netns.
slirp4netns v0.4.X (statically linked with libslirp)
slirp4netns v0.3.0-v0.4.5 is NOT affected because the IPv6 support was broken.
slirp4netns v0.2.x and v0.4.6 are affected.
Fixed in slirp4netns v0.4.7. Statically linked with libslirp v4.3.1.
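
The version matrix above can be checked mechanically. The following script is an added example, not part of the original advisory or of the slirp4netns project; the function names classify and ver_ge are hypothetical. It assumes that 1.x releases later than v1.1.2 are judged by their libslirp version like v1.1.2, and that 0.4.x releases later than v0.4.7 carry the fix.

```shell
#!/bin/sh
# Added example, not from the advisory's authors: applies the advisory's
# affected-version matrix to the text printed by `slirp4netns --version`.

# ver_ge A B: succeeds when dotted numeric version A >= B.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0 }'
}

# classify TEXT: prints affected, not-affected or unknown.
classify() {
    s4n=$(printf '%s\n' "$1" | sed -n 's/^slirp4netns version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    lib=$(printf '%s\n' "$1" | sed -n 's/^libslirp: *\([0-9][0-9.]*\).*/\1/p' | head -n 1)
    case "$s4n" in
        0.2.*) echo affected ;;
        0.3.*) echo not-affected ;;   # IPv6 support was broken
        0.4.*)                        # statically linked libslirp
            if ver_ge "$s4n" 0.4.7; then echo not-affected   # assumption for > 0.4.7
            elif ver_ge "$s4n" 0.4.6; then echo affected
            else echo not-affected; fi ;;                    # v0.4.0-v0.4.5
        1.*)                          # dynamically linked libslirp
            if ! ver_ge "$s4n" 1.1.2; then echo not-affected # v1.0.0-v1.1.1
            elif [ -z "$lib" ]; then echo unknown            # no libslirp line
            elif ver_ge "$lib" 4.3.1; then echo not-affected
            else echo affected; fi ;;                        # assumption for > 1.1.2
        *) echo unknown ;;            # version not covered by the advisory
    esac
}

# Constructed sample: a v1.1.2 build linked against an older libslirp.
SAMPLE_OLD='slirp4netns version 1.1.2
libslirp: 4.3.0'

classify "$SAMPLE_OLD"    # prints: affected
# On a real host: classify "$(slirp4netns --version)"
```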