CVE-2023-3255

Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service

Published: 9/13/2023 Last updated: 11/8/2025 Reserved: 6/14/2023

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.5	Medium	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (2)

Product	Vendor	Version
Red Hat Enterprise Linux 8	Red Hat	1.0
Red Hat Enterprise Linux 8	Red Hat	4.8.8

References (18)

Credits (2)

Red Hat would like to thank Kevin Denis (Synacktiv) for reporting this issue.
Red Hat would like to thank Kevin Denis (Synacktiv) for reporting this issue.