What is CVE-2023-3180?

CVE-2023-3180 is a medium-severity vulnerability in Fedora Extra Packages For Enterprise Linux, classified under Heap-based Buffer Overflow. CVSS score: 6.0/10. Published 2023-08-03.

How severe is CVE-2023-3180?

Medium severity. CVSS v3 base score is 6.0 out of 10.

Buffer overflow in Fedora Extra Packages For Enterprise Linux

CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially l…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (7.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

access.redhat.com/security/cve/CVE-2023-3180 (vdb-entry, x_refsource_REDHAT)
RHBZ#2222424 (issue-tracking, x_refsource_REDHAT)
lists.debian.org/debian-lts-announce/2023/10/msg00006.html
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
security.netapp.com/advisory/ntap-20230831-0008/

Frequently asked questions

What is CVE-2023-3180?: CVE-2023-3180 is a medium-severity vulnerability in Fedora Extra Packages For Enterprise Linux, classified under Heap-based Buffer Overflow. CVSS score: 6.0/10. Published 2023-08-03.
How severe is CVE-2023-3180?: Medium severity. CVSS v3 base score is 6.0 out of 10.