Lucene search
+L

19 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU virtual crypto device during handling of data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the values of srclen and dstlen in virtiocryptosymophelper, which may lead to a heap buffer overflow if these values differ...

6.5CVSS6.9AI score0.00234EPSS
Exploits0References2
nessus
nessus
added 2025/04/18 12:0 a.m.10 views

Azure Linux 3.0 Security Update: qemu (CVE-2023-3180)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3180 advisory. - A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in...

6.5CVSS6.8AI score0.00234EPSS
Exploits0References2
osv
osv
added 2024/06/06 12:29 p.m.6 views

USN-6567-2 qemu regression

USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in certain environments. This update fixes the problem. Original advisory details: Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the...

6.2AI score
Exploits0References2
nessus
nessus
added 2024/06/06 12:0 a.m.52 views

Ubuntu 20.04 LTS / 22.04 LTS : QEMU regression (USN-6567-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6567-2 advisory. USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in...

7.1CVSS6.3AI score0.00376EPSS
Exploits0References1
nessus
nessus
added 2024/02/24 12:0 a.m.41 views

SUSE SLES15: qemu-SLOF / qemu-accel-qtest / qemu-accel-tcg-x86 / qemu-arm / etc (SUSE-SU-2024:0589-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0589-1 advisory. - CVE-2021-3638: hw/display/ati2d: Fix buffer overflow in ati2dblt bsc1188609 - CVE-2023-3180: virtio-crypto: verify src and dst buffer length...

7.5CVSS7AI score0.01606EPSS
Exploits1References12
nessus
nessus
added 2024/01/16 12:0 a.m.32 views

EulerOS 2.0 SP9 : qemu (EulerOS-SA-2023-2906)

According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands whe...

8.8CVSS6.9AI score0.01606EPSS
Exploits0References6
openvas
openvas
added 2024/01/09 12:0 a.m.38 views

Ubuntu: Security Advisory (USN-6567-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7AI score0.01891EPSS
Exploits5References2
ubuntu
ubuntu
added 2024/01/08 5:46 p.m.76 views

USN-6567-1: QEMU vulnerabilities

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...

8.8CVSS7.1AI score0.01891EPSS
Exploits5
nessus
nessus
added 2023/09/22 12:0 a.m.22 views

SUSE SLES15: qemu / qemu-arm / qemu-audio-alsa / qemu-audio-pa / qemu-block-curl / etc (SUSE-SU-2023:3721-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3721-1 advisory. - CVE-2022-26354: Fixed a memory leak due to a missing virtqueue detach on error. bsc1198712 - CVE-2021-3929: Fixed a...

8.8CVSS7AI score0.01606EPSS
Exploits4References32
osv
osv
added 2023/08/26 11:5 a.m.5 views

OESA-2023-1524 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including one or several processors and various peripherals. It can be used to launch...

6.5CVSS7AI score0.00251EPSS
Exploits0References3
amazon
amazon
added 2023/08/21 12:0 a.m.42 views

Medium: qemu

Issue Overview: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values...

6.5CVSS7.1AI score0.00234EPSS
Exploits0
osv
osv
added 2023/08/03 3:15 p.m.8 views

AZL-31817 CVE-2023-3180 affecting package qemu for versions less than 6.2.0-23

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

6.5CVSS6.9AI score0.00234EPSS
Exploits0References1
osv
osv
added 2023/08/03 3:15 p.m.7 views

AZL-35168 CVE-2023-3180 affecting package qemu for versions less than 8.2.0-1

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

6.5CVSS6.9AI score0.00234EPSS
Exploits0References1
prion
prion
added 2023/08/03 3:15 p.m.26 views

Heap overflow

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

1.7CVSS6.3AI score0.00234EPSS
Exploits0References5Affected Software2
ubuntucve
ubuntucve
added 2023/08/03 3:15 p.m.29 views

CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

6.5CVSS6.9AI score0.00234EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/08/03 2:31 p.m.16 views

CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

6CVSS6.9AI score0.00234EPSS
Exploits0References5
cve
cve
added 2023/08/03 2:31 p.m.205 views

CVE-2023-3180

CVE-2023-3180 affects the QEMU virtio-crypto implementation. The vulnerability arises from not checking src_len vs dst_len in virtio_crypto_sym_op_helper, enabling a heap buffer overflow during encryption/decryption requests via virtio_crypto_handle_sym_req. Public references (Debian, CNVD, CNAs)...

6.5CVSS6.7AI score0.00234EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2023/08/03 2:31 p.m.27 views

CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

6CVSS7.2AI score0.00234EPSS
Exploits0References5
osv
osv
added 2023/08/03 2:31 p.m.33 views

CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

6CVSS6.9AI score0.00234EPSS
Exploits0References9
Rows per page
Query Builder