Back to bug 2218486
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Mauro Matteo Cascella | 2023-06-29 10:52:04 UTC | CC | security-response-team | |
| Mauro Matteo Cascella | 2023-06-29 10:55:53 UTC | Doc Text | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. There is a wrong exit condition leading to an infinite loop when inflating an attacked controlled zlib buffer in the `inflate_buffer` function. A remote authenticated client who is able to send a clipboard to the VNC server can trigger this flaw causing a denial of service. | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. There is a wrong exit condition leading to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. A remote authenticated client who is able to send a clipboard to the VNC server can trigger this flaw causing a denial of service. |
| Mauro Matteo Cascella | 2023-06-29 10:57:38 UTC | Depends On | 2218488, 2218489 | |
| Paige Jung | 2023-06-29 16:04:28 UTC | Doc Text | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. There is a wrong exit condition leading to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. A remote authenticated client who is able to send a clipboard to the VNC server can trigger this flaw causing a denial of service. | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service. |
| Mauro Matteo Cascella | 2023-07-04 08:52:01 UTC | Group | security, qe_staff | |
| CC | mkenneth, virt-maint | |||
| Summary | EMBARGOED CVE-2023-3255 QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service | CVE-2023-3255 QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service | ||
| Mauro Matteo Cascella | 2023-07-04 08:52:19 UTC | Depends On | 2219543 | |
| Red Hat Bugzilla | 2023-07-07 08:29:54 UTC | CC | security-response-team | |
| Assignee | security-response-team | nobody | ||
| Mauro Matteo Cascella | 2023-07-24 16:00:48 UTC | Fixed In Version | qemu 8.1.0-rc0 |
Back to bug 2218486