CVE-2023-6683

Updated: 2026-02-27 03:03:46.493604

Description:

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 6.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | qemu-kvm | 7.2.0 | 6.5 | MEDIUM | Ignored | | 2025-10-11 00:20:41 | This issue is a NULL-pointer dereference in QEMU’s VNC clipboard handling that only causes the QEM... |
| AlmaLinux 9.2 ESU | hivex | 1.3.21 | 6.5 | MEDIUM | Not Vulnerable | | 2025-03-25 03:21:27 | This issue is a NULL-pointer dereference in QEMU’s VNC clipboard handling that only causes the QEM... |
| AlmaLinux 9.2 ESU | libvirt | 9.0.0 | 6.5 | MEDIUM | Not Vulnerable | | 2025-02-20 06:38:03 | This issue is a NULL-pointer dereference in QEMU’s VNC clipboard handling that only causes the QEM... |
| CentOS 8.4 ELS | hivex | 1.3.18-21 | 6.5 | MEDIUM | Not Vulnerable | | 2025-03-25 03:21:27 | Not affected: CVE-2023-6683 targets QEMU’s built‑in VNC server clipboard handling (ClientCutText... |
| CentOS 8.4 ELS | libvirt | 6.0.0-35.1 | 6.5 | MEDIUM | Not Vulnerable | | 2025-02-20 06:38:03 | Not affected: CVE-2023-6683 targets QEMU’s built‑in VNC server clipboard handling (ClientCutText... |
| CentOS 8.5 ELS | libvirt | 6.0.0-37 | 6.5 | MEDIUM | Not Vulnerable | | 2025-02-20 06:38:03 | Not affected: CVE-2023-6683 is a flaw in QEMU’s built-in VNC server (the qemu_clipboard_request() ... |
| CentOS 8.5 ELS | hivex | 1.3.18-21 | 6.5 | MEDIUM | Not Vulnerable | | 2025-03-25 03:21:27 | Not affected: CVE-2023-6683 is a flaw in QEMU’s built-in VNC server (the qemu_clipboard_request() ... |