CVE-2023-3354

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2023:5094

ALSA-2023:5264

ALT-PU-2023-5106

ALT-PU-2023-5241

ALT-PU-2023-7183

ALT-PU-2024-13687

ALT-PU-2024-14149

AZL-31659

AZL-35171

BDU:2023-05003

CESA-2023_5264

CVE-2023-3354

DLA-3759-1

OESA-2023-1657

OESA-2023-1736

OPENSUSE-SU-2023_3721-1

OPENSUSE-SU-2023_4056-1

OPENSUSE-SU-2023_4662-1

OPENSUSE-SU-2024:13114-1

RHSA-2023:5094

RHSA-2023:5239

RHSA-2023:5264

RHSA-2023:5587

RHSA-2023:5796

RHSA-2023:6227

RHSA-2023_5094

RHSA-2023_5264

RHSA-2024:0404

ROSA-SA-2025-2641

SUSE-SU-2023:3444-1

SUSE-SU-2023:3721-1

SUSE-SU-2023:3800-1

SUSE-SU-2023:4056-1

SUSE-SU-2023:4662-1

SUSE-SU-2024:0589-1

SUSE-SU-2024:1395-1

USN-6567-1

USN-6567-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Qemu

Red Hat

Red Os

Suse

Ubuntu

CVE-2023-3354

Weakness Enumeration

Related Identifiers

Affected Products

References · 112