// For flags

CVE-2023-3180

Heap buffer overflow in virtio_crypto_sym_op_helper()

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-06-09 CVE Reserved
  • 2023-08-03 CVE Published
  • 2024-09-25 CVE Updated
  • 2024-11-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Qemu
Search vendor "Qemu"
Qemu
Search vendor "Qemu" for product "Qemu"
< 8.1.0
Search vendor "Qemu" for product "Qemu" and version " < 8.1.0"
-
Affected
Qemu
Search vendor "Qemu"
Qemu
Search vendor "Qemu" for product "Qemu"
8.1.0
Search vendor "Qemu" for product "Qemu" and version "8.1.0"
rc0
Affected
Qemu
Search vendor "Qemu"
Qemu
Search vendor "Qemu" for product "Qemu"
8.1.0
Search vendor "Qemu" for product "Qemu" and version "8.1.0"
rc1
Affected
Qemu
Search vendor "Qemu"
Qemu
Search vendor "Qemu" for product "Qemu"
8.1.0
Search vendor "Qemu" for product "Qemu" and version "8.1.0"
rc2
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
38
Search vendor "Fedoraproject" for product "Fedora" and version "38"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected