Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU-built-in VNC server during the processing of ClientCutText messages. A incorrect exit condition may lead to an infinite loop when inflating a zlib buffer controlled by an attacker in the inflatebuffer function. This could allow a remotely authenticated client, wh...

CLSA-2026-1777042213 qemu-kvm: Fix of 2 CVEs

Fix CVE-2023-3255 qemu-kvm: VNC inflatebuffer infinite loop ELSCVE-57519 - Fix CVE-2023-6683 qemu-kvm: VNC clipboard NULL pointer dereference ELSCVE-57516...

Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service

...

zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader...

OESA-2023-1785 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib...

OESA-2023-1786 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib...

CVE-2023-3255 Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the inflatebuffer function. This could allow a remote authenticated client who is able to send a...