Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-3255

Опубликовано: 13 сент. 2023
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 6.5

Описание

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the inflate_buffer function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

not-affected

1:8.0.4+dfsg-1ubuntu5
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

code not present
esm-infra/xenial

not-affected

code not present
focal

not-affected

code not present
jammy

released

1:6.2+dfsg-2ubuntu6.16
kinetic

ignored

end of life, was deferred [2023-07-14]
lunar

released

1:7.2+dfsg-5ubuntu2.4

Показывать по

Ссылки на источники

EPSS

Процентиль: 33%
0.00127
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-3255

CVSS3: 6.5
redhat
больше 2 лет назад

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

nvd логотип

CVE-2023-3255

CVSS3: 6.5
nvd
около 2 лет назад

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

msrc логотип

CVE-2023-3255

CVSS3: 6.5
msrc
около 1 года назад

Описание отсутствует

debian логотип

CVE-2023-3255

CVSS3: 6.5
debian
около 2 лет назад

A flaw was found in the QEMU built-in VNC server while processing Clie ...

github логотип

GHSA-p5xv-5g6h-qw33

CVSS3: 6.5
github
около 2 лет назад

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

EPSS

Процентиль: 33%
0.00127
Низкий

6.5 Medium

CVSS3

Уязвимость CVE-2023-3255