A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Fri, 15 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-01-12T19:01:25.542Z
Updated: 2024-11-15T15:14:42.593Z
Reserved: 2023-12-11T14:45:48.417Z
Link: CVE-2023-6683
Vulnrichment
Updated: 2024-08-02T08:35:15.116Z
NVD
Status : Modified
Published: 2024-01-12T19:15:11.480
Modified: 2024-11-21T08:44:20.377
Link: CVE-2023-6683
Redhat