Jump to content


CVE-2015-3456 - Venom vulnerability

CVE-2015-3456 venom

This topic has been archived. This means that you cannot reply to this topic.
1 reply to this topic

#1 Dave Farrow

Dave Farrow


  • Moderators
  • 35 posts

Posted 13 May 2015 - 05:19 PM

On Wednesday morning, May13, we were notified of the release of CVE-2015-3456 (aka Venom). This vulnerability allows an attacker to move from a guest VM under the attacker’s control to the host that the guest is running on. More information about the vulnerability is available at http://venom.crowdstrike.com.

Barracuda's virtual appliances are not directly affected by this issue. However, customers using our virtual appliances should evaluate their hosting platforms and patch them as recommended by the platform vendor.
We are currently investigating whether any of our services are affected by this issue. 
This thread will be updated as we have additional information.

#2 Andy Jensen

Andy Jensen


  • Product Managers
  • 63 posts

Posted 13 May 2015 - 09:12 PM

This afternoon, we determined our Cloud LiveBoot infrastructure to be susceptible to CVE-2015-3456 (aka Venom). Barracuda Cloud operations has patched the vulnerability as of 10:00pm EDT.