Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-3255
HistorySep 13, 2023 - 5:15 p.m.

Design/Logic Flaw

2023-09-1317:15:00
PRIOn knowledge base
www.prio-n.com
6
qemu
vnc
clientcuttext
denial of service

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the inflate_buffer function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.