PT-2023-8255 · Qemu+10 · Qemu+10

Fiona Ebner

Published

2023-12-16

Updated

2025-05-02

CVE-2023-6683

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu clipboard request() function can be reached before vnc server cut text caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:2135

ALT-PU-2024-10230

ALT-PU-2024-13687

ALT-PU-2024-14149

ALT-PU-2024-3359

ALT-PU-2024-6235

ALT-PU-2024-7201

AZL-40048

AZL-43054

BDU:2024-00308

CESA-2024_2962

CVE-2023-6683

INFSA-2024_2135

INFSA-2024_2962

MGASA-2024-0387

OESA-2024-1310

OESA-2024-1311

OESA-2024-1312

OESA-2024-1313

OPENSUSE-SU-2024_1394-1

OPENSUSE-SU-2024_1438-1

RHSA-2024:2135

RHSA-2024:2962

RHSA-2024_2135

RHSA-2024_2962

RLSA-2024:2135

RLSA-2024:2962

SUSE-SU-2024:1394-1

SUSE-SU-2024:1438-1

SUSE-SU-2024:1438-2

USN-6954-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Qemu

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2023-8255 · Qemu+10 · Qemu+10

CVE-2023-6683

Weakness Enumeration

Related Identifiers

Affected Products

References · 95