Test ID:	1.3.6.1.4.1.25623.1.1.2.2023.3153
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-3153)
Summary:	The remote host is missing an update for the Huawei EulerOS 'qemu' package(s) announced via the EulerOS-SA-2023-3153 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'qemu' package(s) announced via the EulerOS-SA-2023-3153 advisory. Vulnerability Insight: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.(CVE-2023-3354) Affected Software/OS: 'qemu' package(s) on Huawei EulerOS V2.0SP8. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-3354 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/ RHBZ#2216478 https://bugzilla.redhat.com/show_bug.cgi?id=2216478 https://access.redhat.com/security/cve/CVE-2023-3354 https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.