CVE-2022-3165

Summary

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
n/aQEMUAffected 6.1.0 and later. Will be fixed in 7.2.0-rc0.affected

Weaknesses

  • CWE-191: CWE-191

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References