An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
Weakness
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | 6.1.0 (including) | 7.1.0 (including) |
| Red Hat Enterprise Linux 8 | RedHat | virt-devel:rhel-8080020230410211546.fd72936b | * |
| Red Hat Enterprise Linux 8 | RedHat | virt:rhel-8080020230410211546.fd72936b | * |
| Red Hat Enterprise Linux 9 | RedHat | qemu-kvm-17:7.2.0-14.el9_2 | * |
| Qemu | Ubuntu | devel | * |
| Qemu | Ubuntu | jammy | * |
| Qemu | Ubuntu | kinetic | * |
| Qemu | Ubuntu | trusty | * |
| Qemu | Ubuntu | xenial | * |
References
- https://gitlab.com/qemu-project/qemu/-/commit/d307040b18
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/
- https://security.netapp.com/advisory/ntap-20221223-0006/
- https://gitlab.com/qemu-project/qemu/-/commit/d307040b18
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/
- https://security.netapp.com/advisory/ntap-20221223-0006/