Vulnerabilities > CVE-2022-3165 - Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 28 | |
OS | 2 |
Common Weakness Enumeration (CWE)
References
- https://gitlab.com/qemu-project/qemu/-/commit/d307040b18
- https://security.netapp.com/advisory/ntap-20221223-0006/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/