Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-3255
HistorySep 13, 2023 - 12:00 a.m.

CVE-2023-3255

2023-09-1300:00:00
ubuntu.com
ubuntu.com
15
qemu
vnc server
dos
zlib buffer
authenticated client

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.4%

A flaw was found in the QEMU built-in VNC server while processing
ClientCutText messages. A wrong exit condition may lead to an infinite loop
when inflating an attacker controlled zlib buffer in the inflate_buffer
function. This could allow a remote authenticated client who is able to
send a clipboard to the VNC server to trigger a denial of service.

Bugs

Notes

Author Note
Priority reason: This can only be used as a DoS by an authenticated user to the VNC service.
OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchqemu< 1:6.2+dfsg-2ubuntu6.16UNKNOWN
ubuntu23.04noarchqemu< 1:7.2+dfsg-5ubuntu2.4UNKNOWN

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.4%