Vulnerabilities > CVE-2023-3354 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
qemu
redhat
fedoraproject
CWE-476

Summary

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Vulnerable Configurations

Part Description Count
Application
Qemu
399
Application
Redhat
1
OS
Redhat
4
OS
Fedoraproject
1

Common Weakness Enumeration (CWE)