Back to bug 2222424

Who	When	What	Removed	Added
Mauro Matteo Cascella	2023-07-12 17:20:02 UTC	CC		security-response-team
Mauro Matteo Cascella	2023-07-12 17:31:54 UTC	Depends On		2222427
Mauro Matteo Cascella	2023-08-03 07:17:52 UTC	CC		virt-maint
		Summary	EMBARGOED CVE-2023-3180 QEMU: virtio-crypto: heap buffer overflow in virtio_crypto_sym_op_helper()	CVE-2023-3180 QEMU: virtio-crypto: heap buffer overflow in virtio_crypto_sym_op_helper()
		Group	security, qe_staff
Mauro Matteo Cascella	2023-08-03 07:18:08 UTC	Depends On		2228748
Mauro Matteo Cascella	2023-08-03 07:39:54 UTC	Doc Text		A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
Product Security DevOps Team	2023-08-03 13:05:56 UTC	Status	NEW	CLOSED
		Resolution	---	NOTABUG
		Last Closed		2023-08-03 13:05:56 UTC

Back to bug 2222424