A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Sep 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-09-13T16:12:52.294Z
Updated: 2024-09-13T18:21:54.575Z
Reserved: 2023-06-14T21:08:31.376Z
Link: CVE-2023-3255
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-13T17:15:09.877
Modified: 2024-09-13T19:15:14.007
Link: CVE-2023-3255
Redhat