Lucene search

K
nvd[email protected]NVD:CVE-2023-3255
HistorySep 13, 2023 - 5:15 p.m.

CVE-2023-3255

2023-09-1317:15:09
CWE-835
web.nvd.nist.gov
2
qemu
vnc
denial of service
cve-2023-3255
zlib buffer
infinite loop
clientcuttext

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

52.4%

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the inflate_buffer function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

Affected configurations

NVD
Node
qemuqemuRange8.0.3
Node
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linuxMatch9.0
Node
fedoraprojectfedoraMatch38

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

52.4%