Published: 13/09/2023 Updated: 30/04/2024

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
redhat enterprise linux 8.0
redhat enterprise linux 9.0
fedoraproject fedora 38

DescriptionA flaw was found in the QEMU built-in VNC server while processing ClientCutText messages A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigge ...

CWE-835 https://access.redhat.com/security/cve/CVE-2023-3255 https://bugzilla.redhat.com/show_bug.cgi?id=2218486 https://security.netapp.com/advisory/ntap-20231020-0008/https://access.redhat.com/errata/RHSA-2024:2135 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-3255

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-3255

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect