Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2023-3180
HistoryAug 03, 2023 - 3:15 p.m.

CVE-2023-3180

2023-08-0315:15:29
Debian Security Bug Tracker
security-tracker.debian.org
8
qemu
virtual device
encryption
buffer overflow
heap

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

5.1%

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

OSVersionArchitecturePackageVersionFilename
Debian12allqemu< 1:7.2+dfsg-7+deb12u2qemu_1:7.2+dfsg-7+deb12u2_all.deb
Debian11allqemu< 1:5.2+dfsg-11+deb11u3qemu_1:5.2+dfsg-11+deb11u3_all.deb
Debian999allqemu< 1:8.0.4+dfsg-1qemu_1:8.0.4+dfsg-1_all.deb
Debian13allqemu< 1:8.0.4+dfsg-1qemu_1:8.0.4+dfsg-1_all.deb

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

5.1%