Bugzilla – Bug 1213001
VUL-0: CVE-2023-3255: qemu,kvm: VNC: infinite loop in inflate_buffer() leads to denial of service
Last modified: 2024-02-22 14:37:27 UTC
CVE-2023-3255
The `vnc_client_cut_text_ext` function in ui/vnc-clipboard.c calls `inflate_buffer` with an attacker-controlled buffer (size, data). There is a wrong exit condition in `inflate_buffer` which can trigger an infinite loop. A remote authenticated client who is able to send a clipboard to the QEMU built-in VNC server can trigger this flaw and cause a denial of service.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3255
https://bugzilla.redhat.com/show_bug.cgi?id=2218486
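Added example, not part of the bug report and not QEMU's code: one way to write an inflate loop over an untrusted (size, data) buffer so that it always terminates, using Python's zlib binding rather than the C API. The names `inflate_bounded` and `InflateError`, the 1 MiB cap and the sample inputs are assumptions made for the illustration.

```python
import zlib

MAX_OUT = 1 << 20   # assumed cap on decompressed size (1 MiB)
STEP = 4096         # maximum output requested per decoder call


class InflateError(ValueError):
    """Malformed, truncated or oversized compressed buffer."""


def inflate_bounded(data, max_out=MAX_OUT):
    """Inflate one zlib stream from an untrusted buffer.

    Returns (plaintext, trailing_byte_count). The loop ends on the decoder's
    end-of-stream flag, never on "input exhausted" alone, and every pass must
    either emit output or consume input.
    """
    dec = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not dec.eof:
        try:
            chunk = dec.decompress(pending, STEP)
        except zlib.error as exc:
            raise InflateError("corrupt stream: %s" % exc) from exc
        # Progress check: no output and no input consumed means the stream
        # is truncated; stop instead of calling the decoder again.
        if not chunk and len(dec.unconsumed_tail) == len(pending):
            raise InflateError("truncated stream: decoder made no progress")
        out += chunk
        if len(out) > max_out:
            raise InflateError("decompressed size exceeds limit")
        pending = dec.unconsumed_tail
    # Bytes after the end of the stream are reported, not fed back in.
    return bytes(out), len(dec.unused_data)


if __name__ == "__main__":
    # Constructed sample inputs.
    good = zlib.compress(b"clipboard text " * 100)
    print(len(inflate_bounded(good)[0]), "bytes inflated")
    for label, buf in (("truncated", good[:-5]), ("garbage", b"not zlib")):
        try:
            inflate_bounded(buf)
        except InflateError as exc:
            print(label, "->", exc)
```
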
Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg00596.html
We have 0bf41cab ("ui/vnc: clipboard support") in:
- SUSE:SLE-15-SP4:Update/qemu
- SUSE:SLE-15-SP5:Update/qemu
- SUSE:ALP:Source:Standard:1.0/qemu
- openSUSE:Factory/qemu
(In reply to Carlos López from comment #1)
> Proposed patch:
> https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg00596.html
Committed as d921fea338c1059a27ce7b75309d7a2e485f710b
https://gitlab.com/qemu-project/qemu/-/commit/d921fea338c1059a27ce7b75309d7a2e485f710b
This is an autogenerated message for OBS integration: This bug (1213001) was mentioned in https://build.opensuse.org/request/show/1101031 Factory / qemu
SUSE-SU-2023:3082-1: An update that solves four vulnerabilities and has two fixes can now be installed.
Category: security (important)
Bug References: 1179993, 1181740, 1207205, 1212968, 1213001, 1213414
CVE References: CVE-2023-0330, CVE-2023-2861, CVE-2023-3255, CVE-2023-3301
Sources used:
- Server Applications Module 15-SP5 (src): qemu-7.1.0-150500.49.6.1
- openSUSE Leap 15.5 (src): qemu-linux-user-7.1.0-150500.49.6.1, qemu-7.1.0-150500.49.6.1
- Basesystem Module 15-SP5 (src): qemu-7.1.0-150500.49.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This should be done, handing it back
SUSE-SU-2023:3234-1: An update that solves three vulnerabilities can now be installed.
Category: security (important)
Bug References: 1212968, 1213001, 1213414
CVE References: CVE-2023-2861, CVE-2023-3255, CVE-2023-3301
Sources used:
- openSUSE Leap 15.4 (src): qemu-linux-user-6.2.0-150400.37.20.1, qemu-6.2.0-150400.37.20.1
- openSUSE Leap Micro 5.3 (src): qemu-6.2.0-150400.37.20.1
- openSUSE Leap Micro 5.4 (src): qemu-6.2.0-150400.37.20.1
- SUSE Linux Enterprise Micro for Rancher 5.3 (src): qemu-6.2.0-150400.37.20.1
- SUSE Linux Enterprise Micro 5.3 (src): qemu-6.2.0-150400.37.20.1
- SUSE Linux Enterprise Micro for Rancher 5.4 (src): qemu-6.2.0-150400.37.20.1
- SUSE Linux Enterprise Micro 5.4 (src): qemu-6.2.0-150400.37.20.1
- Basesystem Module 15-SP4 (src): qemu-6.2.0-150400.37.20.1
- Server Applications Module 15-SP4 (src): qemu-6.2.0-150400.37.20.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1213001) was mentioned in https://build.opensuse.org/request/show/1103082 Factory / qemu
This is an autogenerated message for OBS integration: This bug (1213001) was mentioned in https://build.opensuse.org/request/show/1110620 Factory / qemu
SUSE-SU-2023:3082-2: An update that solves four vulnerabilities and has two security fixes can now be installed.
Category: security (important)
Bug References: 1179993, 1181740, 1207205, 1212968, 1213001, 1213414
CVE References: CVE-2023-0330, CVE-2023-2861, CVE-2023-3255, CVE-2023-3301
Sources used:
- SUSE Linux Enterprise Micro 5.5 (src): qemu-7.1.0-150500.49.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, closing.