PT-2022-7294 · Qemu+10 · Qemu+10

Tangpeng

Published

2022-09-25

Updated

2024-03-29

CVE-2022-3165

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue is related to an integer underflow in the QEMU VNC server when processing ClientCutText messages in the extended format. This can be exploited by a malicious client sending a specially crafted payload message, resulting in a denial of service, making QEMU unresponsive. The exploitation can be done remotely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

ALSA-2023:2162

ALSA-2023:2757

ALT-PU-2022-3429

ALT-PU-2023-1830

ALT-PU-2023-1869

AZL-11222

AZL-35160

BDU:2024-02427

CESA-2023_2757

CVE-2022-3165

MGASA-2023-0059

OESA-2022-2024

RHSA-2023:2162

RHSA-2023:2757

RHSA-2023_2162

RHSA-2023_2757

SUSE-SU-2023:0671-1

USN-5772-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Qemu

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2022-7294 · Qemu+10 · Qemu+10

CVE-2022-3165

Weakness Enumeration

Related Identifiers

Affected Products

References · 74