A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-01-12T19:01:25.542Z
Updated: 2024-09-13T23:30:49.190Z
Reserved: 2023-12-11T14:45:48.417Z
Link: CVE-2023-6683
Vulnrichment
Updated: 2024-08-02T08:35:15.116Z
NVD
Status : Modified
Published: 2024-01-12T19:15:11.480
Modified: 2024-09-14T00:15:14.397
Link: CVE-2023-6683
Redhat