Vulnerabilities > CVE-2022-3165 - Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

qemu

fedoraproject

CWE-191

NVD

Published: 2022-10-17

Updated: 2023-11-07

Summary

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Qemu Qemu Qemu 6.1.0 Qemu Qemu 6.1.50 Qemu Qemu 6.2.0 Qemu Qemu 6.2.0-7 Qemu Qemu 07-20-2020 Qemu Qemu 7.0.0 Qemu Qemu 7.1.0	28
OS	Fedoraproject Fedoraproject Fedora 36 Fedoraproject Fedora 37	2

Common Weakness Enumeration (CWE)

CWE-191 - Integer Underflow (Wrap or Wraparound)

References

https://gitlab.com/qemu-project/qemu/-/commit/d307040b18
https://security.netapp.com/advisory/ntap-20221223-0006/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/