Home > Vulnerability Database > CVE-2023-3354

Mend.io Vulnerability Database

CVE-2023-3354

Good to know:

Date: July 11, 2023

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Language: C

Severity Score

7.5

Related Resources (7)

Url: https://security-tracker.debian.org/tracker/CVE-2023-3354

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3354

Url: https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2216478

Url: https://access.redhat.com/security/cve/CVE-2023-3354

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/

Url: https://www.mend.io/vulnerability-database/CVE-2023-3354

Severity Score

7.5

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version v7.2.5,v8.0.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3354

Good to know:

Date: July 11, 2023

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?