Unrated severityNVD Advisory· Published Oct 17, 2022· Updated May 14, 2025
CVE-2022-3165
CVE-2022-3165
Description
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
149- osv-coords147 versionspkg:rpm/almalinux/hivexpkg:rpm/almalinux/hivex-develpkg:rpm/almalinux/libguestfspkg:rpm/almalinux/libguestfs-appliancepkg:rpm/almalinux/libguestfs-bash-completionpkg:rpm/almalinux/libguestfs-develpkg:rpm/almalinux/libguestfs-gfs2pkg:rpm/almalinux/libguestfs-gobjectpkg:rpm/almalinux/libguestfs-gobject-develpkg:rpm/almalinux/libguestfs-inspect-iconspkg:rpm/almalinux/libguestfs-javapkg:rpm/almalinux/libguestfs-java-develpkg:rpm/almalinux/libguestfs-javadocpkg:rpm/almalinux/libguestfs-man-pages-japkg:rpm/almalinux/libguestfs-man-pages-ukpkg:rpm/almalinux/libguestfs-rescuepkg:rpm/almalinux/libguestfs-rsyncpkg:rpm/almalinux/libguestfs-toolspkg:rpm/almalinux/libguestfs-tools-cpkg:rpm/almalinux/libguestfs-winsupportpkg:rpm/almalinux/libguestfs-xfspkg:rpm/almalinux/libiscsipkg:rpm/almalinux/libiscsi-develpkg:rpm/almalinux/libiscsi-utilspkg:rpm/almalinux/libnbdpkg:rpm/almalinux/libnbd-bash-completionpkg:rpm/almalinux/libnbd-develpkg:rpm/almalinux/libtpmspkg:rpm/almalinux/libtpms-develpkg:rpm/almalinux/libvirtpkg:rpm/almalinux/libvirt-clientpkg:rpm/almalinux/libvirt-daemonpkg:rpm/almalinux/libvirt-daemon-config-networkpkg:rpm/almalinux/libvirt-daemon-config-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-interfacepkg:rpm/almalinux/libvirt-daemon-driver-networkpkg:rpm/almalinux/libvirt-daemon-driver-nodedevpkg:rpm/almalinux/libvirt-daemon-driver-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-qemupkg:rpm/almalinux/libvirt-daemon-driver-secretpkg:rpm/almalinux/libvirt-daemon-driver-storagepkg:rpm/almalinux/libvirt-daemon-driver-storage-corepkg:rpm/almalinux/libvirt-daemon-driver-storage-diskpkg:rpm/almalinux/libvirt-daemon-driver-storage-glusterpkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsipkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi-directpkg:rpm/almalinux/libvirt-daemon-driver-storage-logicalpkg:rpm/almalinux/libvirt-daemon-driver-storage-mpathpkg:rpm/almalinux/libvirt-daemon-driver-storage-rbdpkg:rpm/almalinux/libvirt-daemon-driver-storage-scsipkg:rpm/almalinux/libvirt-daemon-kvmpkg:rpm/almalinux/libvirt-dbuspkg:rpm/almalinux/libvirt-develpkg:rpm/almalinux/libvirt-docspkg:rpm/almalinux/libvirt-libspkg:rpm/almalinux/libvirt-lock-sanlockpkg:rpm/almalinux/libvirt-nsspkg:rpm/almalinux/libvirt-wiresharkpkg:rpm/almalinux/lua-guestfspkg:rpm/almalinux/nbdfusepkg:rpm/almalinux/nbdkitpkg:rpm/almalinux/nbdkit-bash-completionpkg:rpm/almalinux/nbdkit-basic-filterspkg:rpm/almalinux/nbdkit-basic-pluginspkg:rpm/almalinux/nbdkit-curl-pluginpkg:rpm/almalinux/nbdkit-develpkg:rpm/almalinux/nbdkit-example-pluginspkg:rpm/almalinux/nbdkit-gzip-filterpkg:rpm/almalinux/nbdkit-gzip-pluginpkg:rpm/almalinux/nbdkit-linuxdisk-pluginpkg:rpm/almalinux/nbdkit-nbd-pluginpkg:rpm/almalinux/nbdkit-python-pluginpkg:rpm/almalinux/nbdkit-serverpkg:rpm/almalinux/nbdkit-ssh-pluginpkg:rpm/almalinux/nbdkit-tar-filterpkg:rpm/almalinux/nbdkit-tar-pluginpkg:rpm/almalinux/nbdkit-tmpdisk-pluginpkg:rpm/almalinux/nbdkit-vddk-pluginpkg:rpm/almalinux/nbdkit-xz-filterpkg:rpm/almalinux/netcfpkg:rpm/almalinux/netcf-develpkg:rpm/almalinux/netcf-libspkg:rpm/almalinux/ocaml-hivexpkg:rpm/almalinux/ocaml-hivex-develpkg:rpm/almalinux/ocaml-libguestfspkg:rpm/almalinux/ocaml-libguestfs-develpkg:rpm/almalinux/ocaml-libnbdpkg:rpm/almalinux/ocaml-libnbd-develpkg:rpm/almalinux/perl-hivexpkg:rpm/almalinux/perl-Sys-Guestfspkg:rpm/almalinux/perl-Sys-Virtpkg:rpm/almalinux/python3-hivexpkg:rpm/almalinux/python3-libguestfspkg:rpm/almalinux/python3-libnbdpkg:rpm/almalinux/python3-libvirtpkg:rpm/almalinux/qemu-guest-agentpkg:rpm/almalinux/qemu-imgpkg:rpm/almalinux/qemu-kvmpkg:rpm/almalinux/qemu-kvm-audio-papkg:rpm/almalinux/qemu-kvm-block-curlpkg:rpm/almalinux/qemu-kvm-block-glusterpkg:rpm/almalinux/qemu-kvm-block-iscsipkg:rpm/almalinux/qemu-kvm-block-rbdpkg:rpm/almalinux/qemu-kvm-block-sshpkg:rpm/almalinux/qemu-kvm-commonpkg:rpm/almalinux/qemu-kvm-corepkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpupkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-ccwpkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-pcipkg:rpm/almalinux/qemu-kvm-device-display-virtio-vgapkg:rpm/almalinux/qemu-kvm-device-usb-hostpkg:rpm/almalinux/qemu-kvm-device-usb-redirectpkg:rpm/almalinux/qemu-kvm-docspkg:rpm/almalinux/qemu-kvm-hw-usbredirpkg:rpm/almalinux/qemu-kvm-testspkg:rpm/almalinux/qemu-kvm-toolspkg:rpm/almalinux/qemu-kvm-ui-egl-headlesspkg:rpm/almalinux/qemu-kvm-ui-openglpkg:rpm/almalinux/qemu-kvm-ui-spicepkg:rpm/almalinux/qemu-pr-helperpkg:rpm/almalinux/ruby-hivexpkg:rpm/almalinux/ruby-libguestfspkg:rpm/almalinux/seabiospkg:rpm/almalinux/seabios-binpkg:rpm/almalinux/seavgabios-binpkg:rpm/almalinux/sgabiospkg:rpm/almalinux/sgabios-binpkg:rpm/almalinux/SLOFpkg:rpm/almalinux/superminpkg:rpm/almalinux/supermin-develpkg:rpm/almalinux/swtpmpkg:rpm/almalinux/swtpm-develpkg:rpm/almalinux/swtpm-libspkg:rpm/almalinux/swtpm-toolspkg:rpm/almalinux/swtpm-tools-pkcs11pkg:rpm/almalinux/virt-dibpkg:rpm/almalinux/virt-v2vpkg:rpm/almalinux/virt-v2v-bash-completionpkg:rpm/almalinux/virt-v2v-man-pages-japkg:rpm/almalinux/virt-v2v-man-pages-ukpkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4
< 1.3.18-23.module_el8.6.0+2880+7d9e3703+ 146 more
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+3161+a07c0ea5
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 8.8-1.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+3161+a07c0ea5
- (no CPE)range: < 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 0.9.1-2.20211126git1ff6fe1f43.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 8.0.0-19.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+3161+a07c0ea5
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 1.24.0-5.module_el8.8.0+3485+7cffc4a3
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+3161+a07c0ea5
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 8.0.0-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-2.module_el8.7.0+3346+68867adb
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 15:6.2.0-32.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 15:6.2.0-32.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 15:6.2.0-32.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 15:6.2.0-32.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 15:6.2.0-32.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 15:6.2.0-32.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1.16.0-3.module_el8.7.0+3346+68867adb
- (no CPE)range: < 1.16.0-3.module_el8.7.0+3346+68867adb
- (no CPE)range: < 1.16.0-3.module_el8.7.0+3346+68867adb
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 20210217-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 5.2.1-2.module_el8.7.0+3346+68867adb
- (no CPE)range: < 5.2.1-2.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 0.7.0-4.20211109gitb79fd91.module_el8.7.0+3346+68867adb
- (no CPE)range: < 1:1.44.0-9.module_el8.7.0+3493+5ed0bd1c.alma
- (no CPE)range: < 1:1.42.0-22.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 1:1.42.0-22.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 1:1.42.0-22.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 1:1.42.0-22.module_el8.8.0+3553+bd08596b
- (no CPE)range: < 6.2.0-150400.37.11.1
- (no CPE)range: < 6.2.0-150400.37.11.1
- (no CPE)range: < 6.2.0-150400.37.11.1
- (no CPE)range: < 6.2.0-150400.37.11.2
- (no CPE)range: < 6.2.0-150400.37.11.1
- (no CPE)range: < 6.2.0-150400.37.11.1
- (no CPE)range: < 6.2.0-150400.37.11.1
Patches
Vulnerability mechanics
References
4- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/mitrevendor-advisory
- gitlab.com/qemu-project/qemu/-/commit/d307040b18mitre
- security.netapp.com/advisory/ntap-20221223-0006/mitre
News mentions
0No linked articles in our index yet.