A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len
and dst_len
in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | 3.18-community | noarch | qemu | = 8.0.5-r0 | UNKNOWN |