Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42747
HistoryAug 13, 2023 - 1:35 p.m.

Out-of-bounds Write

2023-08-1313:35:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
qemu
out-of-bounds write
virtio_crypto_sym_op_helper
buffer overflow

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

5.1%

qemu is vulnerable to Out-of-bounds Write. This vulnerability occurs since there is no check for the value of ‘src_len’ and ‘dst_len’ in ‘virtio_crypto_sym_op_helper’ resulting in a heap-based buffer overflow.

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

5.1%