{"vulnerability": "CVE-2023-6693", "sightings": [{"uuid": "c60ec97f-0a69-418f-b5bd-1ea9f94fe170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6693", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15071", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-6693\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.\n\ud83d\udccf Published: 2024-01-02T09:15:08.280Z\n\ud83d\udccf Modified: 2025-05-06T08:11:12.675Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:2962\n2. https://access.redhat.com/errata/RHSA-2025:4492\n3. https://access.redhat.com/security/cve/CVE-2023-6693\n4. https://bugzilla.redhat.com/show_bug.cgi?id=2254580", "creation_timestamp": "2025-05-06T08:20:26.000000Z"}, {"uuid": "f262cbf3-7dcf-47f2-a295-952117948447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6693", "type": "seen", "source": "https://t.me/cibsecurity/74179", "content": "\u203c\ufe0fCVE-2023-6693\u203c\ufe0f\n\nA stack based buffer overflow was found in the virtionet device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the outsg variable could be used to read a part of process memory and send it to the wire, causing an information leak.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-03T01:35:29.000000Z"}, {"uuid": "ebe1aae1-b2a3-43d9-97dd-f4dd22c86c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6693", "type": "seen", "source": "https://t.me/ctinow/171280", "content": "https://ift.tt/gsMhOTw\nCVE-2023-6693 | QEMU virtio-net Device virtio_net_flush_tx out_sg stack-based overflow", "creation_timestamp": "2024-01-22T16:37:36.000000Z"}, {"uuid": "b4bb5eb4-6944-48ab-bc9f-c047a5f847f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6693", "type": "seen", "source": "https://t.me/ctinow/181325", "content": "https://ift.tt/JfYiRX7\nCVE-2023-6693 QEMU Vulnerability in NetApp Products", "creation_timestamp": "2024-02-08T12:26:36.000000Z"}, {"uuid": "1ae5ac5e-3f8d-43e5-99e1-189d9f0532a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6693", "type": "seen", "source": "https://t.me/ctinow/161685", "content": "https://ift.tt/YVSrQcd\nCVE-2023-6693", "creation_timestamp": "2024-01-02T11:26:32.000000Z"}]}