CVE-2023-3255

Advisory lineage Upstream: 0 Downstream: 10

Downstream

DEBIAN-CVE-2023-3255 MGASA-2024-0387 OPENSUSE-SU-2024:13082-1 RHSA-2024:2135 RHSA-2024:2962 SUSE-SU-2023:3082-1

Modified

Published: 13 Sept 2023, 16:12

Last modified:08 Nov 2025, 06:30

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.1 (cve.org)

EPSS Score

0.12% LOW

0% probability -0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Sept 2023, 16:12

Published

Vulnerability first disclosed

08 Nov 2025, 06:30

Last Modified

Vulnerability information updated

Description

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.12%• Percentile: 30%

Techniques & Countermeasures

CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

fedoraproject•fedora
38
qemu•qemu
≤ 8.0.3
redhat•enterprise_linux
8.0 | 9.0