You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2023 3180
About this tag
CVE-2023-3180 is a heap buffer overflow vulnerability in QEMU's virtual crypto device, specifically in the function virtio_crypto_sym_op_helper(). The flaw occurs when the reported source and destination lengths for a symmetric crypto operation differ, leading to an out-of-bounds write. This can crash the host process, deny service to guests, and potentially enable memory corruption. The vulnerability affects virtualized environments using QEMU and requires careful patching to mitigate risks. Discussions on WindowsForum cover the technical details, attack surface, and remediation steps for this CVE.
A heap buffer overflow in QEMU’s virtual crypto device — specifically in the function virtio_crypto_sym_op_helper() — creates a fragile attack surface that can be triggered when the reported source and destination lengths for a symmetric crypto operation differ; the result is a potentially...