Published: 12/01/2024 Updated: 26/04/2024

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
redhat enterprise linux 8.0
redhat enterprise linux 9.0

Debian Bug report logs - #1060749 qemu: CVE-2023-6683: ui/clipboard: avoid crash upon request when clipboard peer is no Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 13 Jan 2024 16:30:02 UTC Sev ...

DescriptionA flaw was found in the QEMU built-in VNC server while processing ClientCutText messages The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference This could allow a malicious authenticated VNC clien ...

CWE-476 https://access.redhat.com/security/cve/CVE-2023-6683 https://bugzilla.redhat.com/show_bug.cgi?id=2254825 https://security.netapp.com/advisory/ntap-20240223-0001/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060749 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-6683

CVE-2023-6683

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect