Lucene search

K
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2023-3180
HistoryAug 03, 2023 - 3:15 p.m.

CVE-2023-3180

2023-08-0315:15:29
Alpine Linux Development Team
security.alpinelinux.org
4
qemu
virtual crypto
data encryption
data decryption
heap buffer overflow
virtio_crypto_handle_sym_req .

AI Score

7.6

Confidence

Low

EPSS

0

Percentile

5.1%

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

OSVersionArchitecturePackageVersionFilename
Alpine3.18-communitynoarchqemu= 8.0.5-r0UNKNOWN