Launchpad CVE tracker

CVE 2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.

Related bugs and status

CVE-2023-3180 (Candidate) is related to these bugs:

Bug #2038888: [Debian] High CVE: CVE-2020-14394/CVE-2021-20196/.../CVE-2023-3301/CVE-2023-3354 qemu: multiple CVEs

Summary				In	Importance	Status
	2038888	[Debian] High CVE: CVE-2020-14394/CVE-2021-20196/.../CVE-2023-3301/CVE-2023-3354 qemu: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: https://access.redhat....
FEDORA: FEDORA-2023-68df3f4b02
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2023-3180

Related bugs and status

Related bugs

References