CVE-2023-3255: 
NixOS vulnerability analysis and mitigation

CVE-2023-3255 is a vulnerability discovered in the QEMU built-in VNC server's handling of ClientCutText messages. The vulnerability affects QEMU versions through 8.0.3 and was fixed in version 8.1.0-rc0. The flaw involves a wrong exit condition that can lead to an infinite loop when inflating an attacker-controlled zlib buffer in the inflate_buffer function (NVD, Debian Security).

The vulnerability exists in the vnc_client_cut_text_ext function within ui/vnc-clipboard.c, which calls inflate_buffer with an attacker-controlled buffer (size and data). The flaw was introduced in QEMU version 6.1.0-rc0 and was fixed by commit 35720b3d90866ed4c174eb35762e04a1b9e533d1 in version 8.0.4. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat Security, Debian Security).

When successfully exploited, this vulnerability allows a remote authenticated client with the ability to send clipboard data to the VNC server to trigger a denial of service condition. The infinite loop in the inflate_buffer function can cause the system to become unresponsive (NVD, NetApp Security).

The vulnerability has been fixed in QEMU version 8.1.0-rc0. Users are advised to upgrade to the patched version. Red Hat has released security updates addressing this vulnerability through RHSA-2024:2135 for RHEL 9 and RHSA-2024:2962 for RHEL 8 (Red Hat Security, Red Hat Security).