CVE-2023-6683: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before…

medium6.5CVSS 3.1

AVNACLPRLUINSUCNINAH

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Affected

12 ranges

Vendor	Product	Version range	Fixed in
debian	qemu	< qemu 1:7.2+dfsg-7+deb12u4 (bookworm)	qemu 1:7.2+dfsg-7+deb12u4 (bookworm)
msrc	azl3_qemu_8.2.0-13_on_azure_linux_3.0	—	—
msrc	azl3_qemu_8.2.0-16_on_azure_linux_3.0	—	—
msrc	cbl2_qemu_6.2.0-21_on_cbl_mariner_2.0	—	—
msrc	cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0	—	—
qemu	qemu	>= 0 < 1:7.2+dfsg-7+deb12u4	1:7.2+dfsg-7+deb12u4
qemu	qemu	>= 0 < 1:8.2.0+ds-5	1:8.2.0+ds-5
qemu	qemu	>= 0 < 1:8.2.0+ds-5	1:8.2.0+ds-5
qemu	qemu	>= 0 < 1:6.2+dfsg-2ubuntu6.22	1:6.2+dfsg-2ubuntu6.22
qemu	qemu	>= 6.1.0 < 8.2.2	8.2.2
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

osv6.5MEDIUM