Lucene search
HistoryJan 12, 2024 - 7:15 p.m.
CVE-2023-6683
cve-2023-6683
qemu
vnc server
null pointer dereference
denial of service
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.
Affected configurations
Node
qemuqemuRange6.1.0–9.0.0
Node
redhatenterprise_linuxMatch8.0
ORredhatenterprise_linuxMatch9.0
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt-devel:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8100020240314161907.e155f54d",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8100020240314161907.e155f54d",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "affected",
"versions": [
{
"version": "17:8.2.0-11.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm-ma",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:av/qemu-kvm",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
]
}
]Related
veracode
veracode
NULL Pointer Dereference
2024-01-21 12:22:29
osv
osv
CVE-2023-6683
2024-01-12 19:15:11
Moderate: virt:rhel and virt-devel:rhel security and enhancement update
2024-06-14 13:59:30
Moderate: qemu-kvm security update
2024-04-30 00:00:00
prion
prion
Null pointer dereference
2024-01-12 19:15:00
cvelist
cvelist
alpinelinux
alpinelinux
CVE-2023-6683
2024-01-12 19:15:11
debiancve
debiancve
CVE-2023-6683
2024-01-12 19:15:11
ubuntucve
ubuntucve
CVE-2023-6683
2024-01-12 00:00:00
redhatcve
redhatcve
CVE-2023-6683
2024-01-12 19:01:05
nvd
nvd
CVE-2023-6683
2024-01-12 19:15:11
openvas
openvas
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-1624)
2024-05-15 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-1643)
2024-05-15 00:00:00
openSUSE: Security Advisory for qemu (SUSE-SU-2024:1438-1)
2024-04-27 00:00:00
nessus
nessus
EulerOS Virtualization 2.11.0 : qemu (EulerOS-SA-2024-1643)
2024-05-15 00:00:00
EulerOS Virtualization 2.11.1 : qemu (EulerOS-SA-2024-1624)
2024-05-15 00:00:00
RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:2962)
2024-05-23 00:00:00
oraclelinux
oraclelinux
virt:ol and virt-devel:rhel security and enhancement update
2024-05-24 00:00:00
qemu-kvm security update
2024-05-02 00:00:00
qemu-kvm security update
2024-06-03 00:00:00
rocky
rocky
virt:rhel and virt-devel:rhel security and enhancement update
2024-06-14 13:59:30
qemu-kvm security update
2024-05-10 14:32:42
redhat
redhat
(RHSA-2024:2962) Moderate: virt:rhel and virt-devel:rhel security and enhancement update
2024-05-22 06:35:12
(RHSA-2024:2135) Moderate: qemu-kvm security update
2024-04-30 06:14:50
almalinux
almalinux
Moderate: qemu-kvm security update
2024-04-30 00:00:00
redos
redos
ROS-20240625-04
2024-06-25 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
Related for CVE-2023-6683