PT-2023-8255 · Qemu+10 · Qemu+10

Fiona Ebner

Publicado

2023-12-16

Atualizado

2025-05-02

CVE-2023-6683

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu clipboard request() function can be reached before vnc server cut text caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALSA-2024:2135

ALT-PU-2024-10230

ALT-PU-2024-13687

ALT-PU-2024-14149

ALT-PU-2024-3359

ALT-PU-2024-6235

ALT-PU-2024-7201

AZL-40048

AZL-43054

BDU:2024-00308

CESA-2024_2962

CVE-2023-6683

INFSA-2024_2135

INFSA-2024_2962

MGASA-2024-0387

OESA-2024-1310

OESA-2024-1311

OESA-2024-1312

OESA-2024-1313

OPENSUSE-SU-2024_1394-1

OPENSUSE-SU-2024_1438-1

RHSA-2024:2135

RHSA-2024:2962

RHSA-2024_2135

RHSA-2024_2962

RLSA-2024:2135

RLSA-2024:2962

SUSE-SU-2024:1394-1

SUSE-SU-2024:1438-1

SUSE-SU-2024:1438-2

USN-6954-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Qemu

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2023-8255 · Qemu+10 · Qemu+10

CVE-2023-6683

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 95