Lucene search

K
nvd[email protected]NVD:CVE-2023-3180
HistoryAug 03, 2023 - 3:15 p.m.

CVE-2023-3180

2023-08-0315:15:29
CWE-122
CWE-787
web.nvd.nist.gov
1
qemu
virtual
crypto
encryption
decryption
virtio
handle
heap buffer overflow
cve-2023-3180

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0

Percentile

5.1%

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

Affected configurations

NVD
Node
qemuqemuRange<8.1.0
OR
qemuqemuMatch8.1.0rc0
OR
qemuqemuMatch8.1.0rc1
OR
qemuqemuMatch8.1.0rc2
Node
fedoraprojectfedoraMatch38
Node
debiandebian_linuxMatch10.0

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0

Percentile

5.1%