Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-3180

Опубликовано: 03 авг. 2023
Источник: redhat
CVSS3: 6
EPSS Низкий

Описание

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/qemu-kvmNot affected
Red Hat Enterprise Linux 9qemu-kvmNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2222424QEMU: virtio-crypto: heap buffer overflow in virtio_crypto_sym_op_helper()

EPSS

Процентиль: 1%
0.00013
Низкий

6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-3180

CVSS3: 6
ubuntu
почти 2 года назад

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

nvd логотип

CVE-2023-3180

CVSS3: 6
nvd
почти 2 года назад

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

msrc логотип

CVE-2023-3180

CVSS3: 6.5
msrc
2 месяца назад

Описание отсутствует

debian логотип

CVE-2023-3180

CVSS3: 6
debian
почти 2 года назад

A flaw was found in the QEMU virtual crypto device while handling data ...

github логотип

GHSA-p36c-2mv6-8m8q

CVSS3: 6
github
почти 2 года назад

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

EPSS

Процентиль: 1%
0.00013
Низкий

6 Medium

CVSS3