CVE-2023-3354

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:8.1.0:rc0:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:8.1.0:rc1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

History

11 Mar 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html -

07 Nov 2023, 14:50

Type Values Removed Values Added
CPE cpe:2.3:a:qemu:qemu:8.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:8.1.0:rc0:*:*:*:*:*:*

24 Oct 2023, 12:56

Type Values Removed Values Added
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/ - Mailing List
First Time Fedoraproject fedora
Fedoraproject
CPE cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

29 Aug 2023, 03:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/ -

20 Jul 2023, 12:58

Type Values Removed Values Added
CWE CWE-476
CPE cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Redhat
Redhat enterprise Linux
Redhat openstack Platform
Qemu qemu
Qemu
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2216478 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2216478 - Issue Tracking, Patch
References (MISC) https://access.redhat.com/security/cve/CVE-2023-3354 - (MISC) https://access.redhat.com/security/cve/CVE-2023-3354 - Third Party Advisory

11 Jul 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-11 17:15

Updated : 2024-03-11 18:15


NVD link : CVE-2023-3354

Mitre link : CVE-2023-3354

CVE.ORG link : CVE-2023-3354


JSON object : View

Products Affected

qemu

  • qemu

redhat

  • enterprise_linux
  • openstack_platform

fedoraproject

  • fedora
CWE
CWE-476

NULL Pointer Dereference