CVE-2023-3180

CVSS v3.1

6.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio crypto handle sym req. There is no check for the value of src len and dst len in virtio crypto sym op helper, potentially leading to a heap buffer overflow when the two values differ. This issue may allow an attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALT-PU-2023-5106

ALT-PU-2023-5241

ALT-PU-2023-7183

ALT-PU-2024-13687

ALT-PU-2024-14149

AZL-31817

AZL-35168

BDU:2023-08901

CVE-2023-3180

DLA-3604-1

OESA-2023-1521

OESA-2023-1522

OESA-2023-1523

OESA-2023-1524

OESA-2023-1525

OPENSUSE-SU-2023_3721-1

OPENSUSE-SU-2023_4056-1

OPENSUSE-SU-2023_4662-1

OPENSUSE-SU-2024:13114-1

ROSA-SA-2025-2641

SUSE-SU-2023:3444-1

SUSE-SU-2023:3721-1

SUSE-SU-2023:3800-1

SUSE-SU-2023:4056-1

SUSE-SU-2023:4662-1

SUSE-SU-2024:0589-1

SUSE-SU-2024:1395-1

USN-6567-1

USN-6567-2

USN-8412-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Qemu

Red Os

Suse

Ubuntu

CVE-2023-3180

Weakness Enumeration

Related Identifiers

Affected Products

References · 145