Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-3165

Published: 17 October 2022

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.

Notes

AuthorNote
rodrigo-zaiden
from the patch being proposed in qemu-devel list
it was introduced in v6.1.0-rc0 with commit
https://gitlab.com/qemu-project/qemu/-/commit/0bf41cab93e5c72dcda717abd625698b59d9ba3e

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
jammy
Released (1:6.2+dfsg-2ubuntu6.6)
kinetic
Released (1:7.0+dfsg-7ubuntu2.1)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://gitlab.com/qemu-project/qemu/-/commit/d307040b18bfcb1393b910f1bae753d5c12a4dc7