VDB

GSD-2023-3354

GSD-2023-3354 PUBLISHED CVSS 7.5 HIGH

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux 8
FedoraFedora
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat OpenStack Platform 13 (Queens)
Red HatRed Hat Enterprise Linux 7
n/aqemu
Red HatRed Hat Enterprise Linux 7
FedoraExtra Packages for Enterprise Linux
Red HatRed Hat Enterprise Linux 8 Advanced Virtualization

Timeline

  • Jul 8, 2018 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›