A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:2135 | |
https://access.redhat.com/security/cve/CVE-2023-6683 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2254825 | Issue Tracking Patch |
https://security.netapp.com/advisory/ntap-20240223-0001/ | Third Party Advisory |
Configurations
History
30 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Apr 2024, 16:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* | |
References | () https://security.netapp.com/advisory/ntap-20240223-0001/ - Third Party Advisory |
23 Feb 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 19:50
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://access.redhat.com/security/cve/CVE-2023-6683 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2254825 - Issue Tracking, Patch | |
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
First Time |
Redhat enterprise Linux
Qemu qemu Qemu Redhat |
12 Jan 2024, 19:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 19:15
Updated : 2024-04-30 14:15
NVD link : CVE-2023-6683
Mitre link : CVE-2023-6683
CVE.ORG link : CVE-2023-6683
JSON object : View
Products Affected
redhat
- enterprise_linux
qemu
- qemu
CWE
CWE-476
NULL Pointer Dereference