7.5

CVE-2023-3354

EPSS 0.13%
Veröffentlicht 11.07.2023 17:15:13
Zuletzt bearbeitet 21.11.2024 08:17:05
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 9 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qemu ≫ Qemu Version < 8.1.0

Qemu ≫ Qemu Version8.1.0 Updaterc0

Qemu ≫ Qemu Version8.1.0 Updaterc1

Redhat ≫ Openstack Platform Version13.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0 SwEdition-

Redhat ≫ Enterprise Linux Version8.0 SwEditionadvanced_virtualization

Redhat ≫ Enterprise Linux Version9.0

Fedoraproject ≫ Fedora Version38

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.313

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://access.redhat.com/security/cve/CVE-2023-3354

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2216478

Patch

Issue Tracking

https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-3354

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3354

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3354

EUVD