Bug 1203788 - (CVE-2022-3165) VUL-0: CVE-2022-3165: qemu,kvm: integer underflow in vnc_client_cut_text_ext() leads to CPU exhaustion
(CVE-2022-3165)
VUL-0: CVE-2022-3165: qemu,kvm: integer underflow in vnc_client_cut_text_ext(...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/343578/
CVSSv3.1:SUSE:CVE-2022-3165:6.5:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-09-27 11:12 UTC by Carlos López
Modified: 2023-02-01 14:09 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
thomas.leroy: needinfo? (kvm-bugs)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-09-27 11:12:54 UTC
rh#2129739

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format [1]. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service condition.

[1] https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#extended-clipboard-pseudo-encoding

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2129739
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3165
Comment 1 Carlos López 2022-09-27 11:16:47 UTC
Clipboard support was added in 0bf41cab93e5c72dcda7 ("ui/vnc: clipboard support"), which is only present in SUSE:SLE-15-SP4:Update and Factory, so only those are affected.

Proposed patch (not merged yet):
https://lists.nongnu.org/archive/html/qemu-devel/2022-09/msg03948.html
Comment 4 Thomas Leroy 2022-12-27 13:30:57 UTC
Any update please? :)