{"api_version":"1","generated_at":"2026-04-22T21:38:44+00:00","cve":"CVE-2023-3354","urls":{"html":"https://cve.report/CVE-2023-3354","api":"https://cve.report/api/cve/CVE-2023-3354.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3354","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3354"},"summary":{"title":"CVE-2023-3354","description":"A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-07-11 17:15:00","updated_at":"2024-03-11 18:15:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html","name":"https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html","refsource":"","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2023-3354","name":"https://access.redhat.com/security/cve/CVE-2023-3354","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216478","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2216478","refsource":"MISC","tags":[],"title":"2216478 – (CVE-2023-3354) CVE-2023-3354 QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: qemu-7.2.5-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3354","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3354","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"8.1.0","cpe7":"rc0","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"8.1.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"advanced_virtualization","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"3354","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openstack_platform","cpe6":"13.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-3354","qid":"160935","title":"Oracle Enterprise Linux Security Update for virt:ol and virt-devel:rhel (ELSA-2023-5264)"},{"cve":"CVE-2023-3354","qid":"160960","title":"Oracle Enterprise Linux Security Update for kvm_utils3 (ELSA-2023-12855)"},{"cve":"CVE-2023-3354","qid":"242071","title":"Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2023:5264)"},{"cve":"CVE-2023-3354","qid":"242077","title":"Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2023:5239)"},{"cve":"CVE-2023-3354","qid":"242144","title":"Red Hat Update for virt:rhel (RHSA-2023:5587)"},{"cve":"CVE-2023-3354","qid":"242190","title":"Red Hat Update for virt:rhel (RHSA-2023:5796)"},{"cve":"CVE-2023-3354","qid":"242262","title":"Red Hat Update for qemu-kvm (RHSA-2023:6227)"},{"cve":"CVE-2023-3354","qid":"242861","title":"Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2024:0404)"},{"cve":"CVE-2023-3354","qid":"378927","title":"Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel (ALINUX3-SA-2023:0125)"},{"cve":"CVE-2023-3354","qid":"6000518","title":"Debian Security Update for qemu (DLA 3759-1)"},{"cve":"CVE-2023-3354","qid":"673490","title":"EulerOS Security Update for qemu (EulerOS-SA-2023-2887)"},{"cve":"CVE-2023-3354","qid":"673611","title":"EulerOS Security Update for qemu-micro (EulerOS-SA-2023-3193)"},{"cve":"CVE-2023-3354","qid":"673823","title":"EulerOS Security Update for qemu (EulerOS-SA-2023-3153)"},{"cve":"CVE-2023-3354","qid":"673919","title":"EulerOS Security Update for qemu (EulerOS-SA-2023-2906)"},{"cve":"CVE-2023-3354","qid":"674008","title":"EulerOS Security Update for qemu-micro (EulerOS-SA-2023-3228)"},{"cve":"CVE-2023-3354","qid":"754898","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:3721-1)"},{"cve":"CVE-2023-3354","qid":"754937","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:3800-1)"},{"cve":"CVE-2023-3354","qid":"755084","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:4056-1)"},{"cve":"CVE-2023-3354","qid":"755451","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2023:4662-1)"},{"cve":"CVE-2023-3354","qid":"755817","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2024:0589-1)"},{"cve":"CVE-2023-3354","qid":"907663","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (31659)"},{"cve":"CVE-2023-3354","qid":"907673","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (31659-1)"},{"cve":"CVE-2023-3354","qid":"941250","title":"AlmaLinux Security Update for qemu-kvm (ALSA-2023:5094)"},{"cve":"CVE-2023-3354","qid":"941271","title":"AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2023:5264)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-3354","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"NULL Pointer Dereference","cweId":"CWE-476"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"qemu","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 8 Advanced Virtualization","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat OpenStack Platform 13 (Queens)","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Extra Packages for Enterprise Linux","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-3354","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-3354"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216478","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2216478"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"}]},"credits":[{"lang":"en","value":"Red Hat would like to thank jiangyegen (Huawei Vulnerability Management Center) and yexiao7 (Huawei Vulnerability Management Center) for reporting this issue."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-07-11 17:15:00","lastModifiedDate":"2024-03-11 18:15:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","versionEndExcluding":"8.1.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:8.1.0:rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:8.1.0:rc0:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}