Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-3354

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Published

2023-07-11T17:15:13.387

Last Modified

2024-11-21T08:17:05.117

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-476
Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qemu	qemu	< 8.1.0	Yes
Application	qemu	qemu	8.1.0	Yes
Application	qemu	qemu	8.1.0	Yes
Application	redhat	openstack_platform	13.0	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	fedoraproject	fedora	38	Yes

References

https://access.redhat.com/security/cve/CVE-2023-3354 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2216478 Issue Tracking, Patch ([email protected])
https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/ Mailing List ([email protected])
https://access.redhat.com/security/cve/CVE-2023-3354 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2216478 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)