{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-07T13:28:12.150","vulnerabilities":[{"cve":{"id":"CVE-2023-6693","sourceIdentifier":"secalert@redhat.com","published":"2024-01-02T10:15:08.930","lastModified":"2025-11-03T20:16:07.487","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak."},{"lang":"es","value":"Se encontró un desbordamiento de búfer en la región stack de la memoria en el dispositivo virtio-net de QEMU. Este problema ocurre al vaciar TX en la función virtio_net_flush_tx si las funciones de invitado VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 y VIRTIO_NET_F_MRG_RXBUF están habilitadas. Esto podría permitir que un usuario malintencionado sobrescriba las variables locales asignadas en la pila. Específicamente, la variable `out_sg` podría usarse para leer una parte de la memoria del proceso y enviarla al cable, provocando una fuga de información."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","versionEndExcluding":"8.2.1","matchCriteriaId":"EF658C4B-28B2-4514-A3E6-8AE0F8028C53"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","matchCriteriaId":"053C1B35-3869-41C2-9551-044182DE0A64"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*","matchCriteriaId":"3AA08768-75AF-4791-B229-AE938C780959"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:2962","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:4492","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-6693","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254580","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2024:2962","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-6693","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254580","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20240208-0004/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}