Vulnerabilities > CVE-2023-3180 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

Vulnerable Configurations

Part Description Count
Application
Qemu
400
OS
Fedoraproject
1
OS
Debian
1

Common Weakness Enumeration (CWE)