CVE-2023-6683

Name
CVE-2023-6683
Description
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2023-6683
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2254825
secalert@redhat.com https://security.netapp.com/advisory/ntap-20240223-0001/
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2135
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2962

Match rules

CPE URI Source package Min version Max version
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 8100020240314161907.e155f54d < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 17:8.2.0-11.el9_4 < *
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* qemu >= 6.1.0 < 8.2.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
qemu 3.19-community 8.1.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable