A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Fri, 15 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-26T06:27:22.326Z

Reserved: 2023-12-11T14:45:48.417Z

Link: CVE-2023-6683

cve-icon Vulnrichment

Updated: 2024-08-02T08:35:15.116Z

cve-icon NVD

Status : Analyzed

Published: 2024-01-12T19:15:11.480

Modified: 2025-05-02T15:10:54.503

Link: CVE-2023-6683

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-01-12T00:00:00Z

Links: CVE-2023-6683 - Bugzilla

cve-icon OpenCVE Enrichment

No data.