CVE-2023-6683 Information

Description

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Reference

https://access.redhat.com/security/cve/CVE-2023-6683 https://bugzilla.redhat.com/show_bug.cgi?id=2254825