CVE-2023-3180
Heap buffer overflow in virtio_crypto_sym_op_helper()
A flaw was found in the QEMU virtual crypto device (virtio-crypto) while handling symmetric encryption/decryption requests in virtio_crypto_handle_sym_req. virtio_crypto_sym_op_helper does not check the values of `src_len` and `dst_len`, so a request in which the two values differ can cause a heap buffer overflow in the QEMU process.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
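As an added illustration (not QEMU's code; the request struct, helper names and the size bound are constructed for this page), a model of the helper's vulnerable shape next to a hardened one that rejects a request whose `src_len` and `dst_len` differ before anything is allocated or copied:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a virtio-crypto symmetric request (not QEMU's struct). */
struct sym_req {
    uint32_t src_len;      /* length of the input data */
    uint32_t dst_len;      /* length of the output buffer the request asks for */
    const uint8_t *src;    /* input bytes */
};

#define SYM_MAX_LEN 4096   /* constructed upper bound for this model */

/* Vulnerable shape: the output buffer is sized from dst_len but the copy is
 * driven by src_len. If src_len > dst_len, memcpy writes past the heap block. */
uint8_t *sym_op_helper_vulnerable(const struct sym_req *req, size_t *out_len)
{
    uint8_t *out = malloc(req->dst_len ? req->dst_len : 1);
    if (!out) return NULL;
    memcpy(out, req->src, req->src_len);   /* no length check: overflow possible */
    *out_len = req->dst_len;
    return out;
}

/* Hardened shape: validate the request before any allocation or copy.
 * For a symmetric cipher the input and output lengths must agree; this model
 * also rejects empty and oversized requests. Returns 0 if acceptable, -1 if not. */
int sym_req_validate(const struct sym_req *req)
{
    if (req->src_len == 0 || req->src_len > SYM_MAX_LEN) return -1;
    if (req->src_len != req->dst_len) return -1;
    return 0;
}

uint8_t *sym_op_helper_hardened(const struct sym_req *req, size_t *out_len)
{
    if (sym_req_validate(req) != 0) return NULL;   /* rejected: nothing allocated */
    uint8_t *out = malloc(req->dst_len);
    if (!out) return NULL;
    memcpy(out, req->src, req->src_len);            /* src_len == dst_len here */
    *out_len = req->dst_len;
    return out;
}
```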
Affected products
Fedora · Extra Packages for Enterprise Linux
Fedora · Fedora
n/a · qemu
Red Hat · Red Hat Enterprise Linux 6
Red Hat · Red Hat Enterprise Linux 7
Red Hat · Red Hat Enterprise Linux 8
Red Hat · Red Hat Enterprise Linux 8 Advanced Virtualization
Red Hat · Red Hat Enterprise Linux 9
References
https://access.redhat.com/security/cve/CVE-2023-3180
https://bugzilla.redhat.com/show_bug.cgi?id=2222424
https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/
https://security.netapp.com/advisory/ntap-20230831-0008/