Bug 1203788 - (CVE-2022-3165) VUL-0: CVE-2022-3165: qemu,kvm: integer underflow in vnc_client_cut_text_ext() leads to CPU exhaustion
VUL-0: CVE-2022-3165: qemu,kvm: integer underflow in vnc_client_cut_text_ext(...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: E-mail List
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2022-09-27 11:12 UTC by Carlos López
Modified: 2023-02-01 14:09 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
thomas.leroy: needinfo? (kvm-bugs)


Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-09-27 11:12:54 UTC

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format [1]. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service condition.

[1] https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#extended-clipboard-pseudo-encoding

Comment 1 Carlos López 2022-09-27 11:16:47 UTC
Clipboard support was added in 0bf41cab93e5c72dcda7 ("ui/vnc: clipboard support"), which is only present in SUSE:SLE-15-SP4:Update and Factory, so only those are affected.

Proposed patch (not merged yet):
Comment 4 Thomas Leroy 2022-12-27 13:30:57 UTC
Any update please? :)