Bugzilla – Bug 1203788
VUL-0: CVE-2022-3165: qemu,kvm: integer underflow in vnc_client_cut_text_ext() leads to CPU exhaustion
Last modified: 2023-02-01 14:09:02 UTC
rh#2129739

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format [1]. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service condition.

[1] https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#extended-clipboard-pseudo-encoding

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2129739
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3165
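The length arithmetic behind this class of bug, as an added example that is not QEMU's code and not part of the original report: a minimal parser for the ClientCutText header that rejects an extended-format length too short to hold the 4-byte flags word. The function names and the 1 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CUT_TEXT_MAX (1u << 20)   /* assumed sanity cap on clipboard size */

/* Read a big-endian signed 32-bit value (RFB is big-endian on the wire). */
static int32_t read_s32(const uint8_t *p)
{
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* Unchecked arithmetic: for dlen 0..3 the result wraps to 0xFFFFFFFC..0xFFFFFFFF. */
static uint32_t text_len_unchecked(uint32_t dlen)
{
    return dlen - 4;
}

/*
 * Parse the 8-byte ClientCutText header: type (6), 3 padding bytes, s32 length.
 * A negative length marks the extended format: |length| bytes follow, and the
 * first 4 of them are the flags word. Returns 0 and sets *text_len to the
 * number of bytes after the flags (or the plain text length), -1 if malformed.
 */
static int cut_text_len(const uint8_t *hdr, size_t hdr_len, uint32_t *text_len)
{
    if (hdr_len < 8 || hdr[0] != 6)
        return -1;
    int32_t len = read_s32(hdr + 4);
    if (len == INT32_MIN)              /* negation would overflow */
        return -1;
    uint32_t dlen = (uint32_t)(len < 0 ? -len : len);
    if (dlen > CUT_TEXT_MAX)
        return -1;
    if (len < 0 && dlen < 4)           /* extended format needs 4 bytes of flags */
        return -1;
    *text_len = len < 0 ? dlen - 4 : dlen;
    return 0;
}

int main(void)
{
    const uint8_t bad[8] = {6, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFE}; /* constructed: length = -2 */
    uint32_t n = 0;
    printf("unchecked: %u\n", text_len_unchecked(2));
    printf("checked:   %d\n", cut_text_len(bad, sizeof bad, &n));
    return 0;
}
```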
Clipboard support was added in 0bf41cab93e5c72dcda7 ("ui/vnc: clipboard support"), which is only present in SUSE:SLE-15-SP4:Update and Factory, so only those are affected. Proposed patch (not merged yet): https://lists.nongnu.org/archive/html/qemu-devel/2022-09/msg03948.html
Merged: https://gitlab.com/qemu-project/qemu/-/commit/d307040b18bfcb1393b910f1bae753d5c12a4dc7
Any update please? :)