A flaw was found in the QEMU built-in VNC server. When a client connects to
the VNC server, QEMU checks whether the current number of connections
crosses a certain threshold and if so, cleans up the previous connection.
If the previous connection happens to be in the handshake phase and fails,
QEMU cleans up the connection again, resulting in a NULL pointer
dereference issue. This could allow a remote unauthenticated client to
cause a denial of service.
Author | Note |
---|---|
Priority reason: Limited to a denial of service in the VNC server component. | |
mdeslaur | VNC denial of service |