Bugzilla – Bug 1203788
VUL-0: CVE-2022-3165: qemu,kvm: integer underflow in vnc_client_cut_text_ext() leads to CPU exhaustion
Last modified: 2023-02-01 14:09:02 UTC
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format . A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service condition.
Clipboard support was added in 0bf41cab93e5c72dcda7 ("ui/vnc: clipboard support"), which is only present in SUSE:SLE-15-SP4:Update and Factory, so only those are affected.
Proposed patch (not merged yet):
Any update please? :)