Lucene search
RedhatCVELIST:CVE-2023-3255HistorySep 13, 2023 - 4:12 p.m.
CVE-2023-3255 Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
2023-09-1316:12:52
CWE-835
redhat
www.cve.org
qemu
vnc
server
denial of service
inflate buffer
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.3%
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the inflate_buffer function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt-devel:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8100020240314161907.e155f54d",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8100020240314161907.e155f54d",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "affected",
"versions": [
{
"version": "17:8.2.0-11.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm-ma",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:av/qemu-kvm",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
]
}
]Related
veracode
veracode
Denial Of Service (DoS)
2023-08-13 12:42:20
nvd
nvd
CVE-2023-3255
2023-09-13 17:15:09
prion
prion
Design/Logic Flaw
2023-09-13 17:15:00
debiancve
debiancve
CVE-2023-3255
2023-09-13 17:15:09
ubuntucve
ubuntucve
CVE-2023-3255
2023-09-13 00:00:00
redhatcve
redhatcve
CVE-2023-3255
2023-07-04 09:17:05
osv
osv
CVE-2023-3255
2023-09-13 17:15:09
Moderate: qemu-kvm security update
2024-05-10 14:32:42
Moderate: qemu-kvm security update
2024-04-30 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-3255 affecting package qemu for versions less than 8.2.0-1
2024-03-19 17:21:46
cve
cve
CVE-2023-3255
2023-09-13 17:15:09
openvas
openvas
openSUSE: Security Advisory for qemu (SUSE-SU-2023:3234-1)
2024-03-04 00:00:00
Fedora: Security Advisory for qemu (FEDORA-2023-68df3f4b02)
2023-08-30 00:00:00
openSUSE: Security Advisory for qemu (SUSE-SU-2023:3082-1)
2024-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: qemu-7.2.5-1.fc38
2023-08-29 01:35:27
nessus
nessus
Fedora 38 : qemu (2023-68df3f4b02)
2023-08-29 00:00:00
redos
redos
ROS-20240606-01
2024-06-06 00:00:00
redhat
redhat
(RHSA-2024:2962) Moderate: virt:rhel and virt-devel:rhel security and enhancement update
2024-05-22 06:35:12
(RHSA-2024:2135) Moderate: qemu-kvm security update
2024-04-30 06:14:50
oraclelinux
oraclelinux
virt:ol and virt-devel:rhel security and enhancement update
2024-05-24 00:00:00
qemu-kvm security update
2024-05-02 00:00:00
kvm_utils3 security update
2023-10-07 00:00:00
rocky
rocky
qemu-kvm security update
2024-05-10 14:32:42
almalinux
almalinux
Moderate: qemu-kvm security update
2024-04-30 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2024-01-08 00:00:00
QEMU regression
2024-06-06 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.3%
Related for CVELIST:CVE-2023-3255