A flaw was found in the QEMU built-in VNC server. When a client connects, QEMU checks whether the current number of connections has crossed a certain threshold and, if so, cleans up the previous connection. If that previous connection happens to be in the handshake phase and the handshake then fails, QEMU cleans up the same connection a second time, resulting in a NULL pointer dereference. Because the handshake runs before authentication, a remote unauthenticated client that can reach the VNC listener can crash the QEMU process, a denial of service that also takes down the guest that process is running.
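To make that sequence concrete, the following is a simplified model of the failure pattern, written for this page and not taken from QEMU's source. The names (Server, Conn, server_accept, handshake_step, conn_teardown), the connection limit of 1, and the use of a closed flag as the guard are all assumptions of the model. It shows the shape of the bug (an asynchronous handshake continuation that runs after eviction has already torn the connection down, so teardown happens twice) and one defensive fix (ignoring events for closed connections and making teardown idempotent); it is not the upstream patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example: a simplified model of the double-cleanup pattern, not QEMU's
 * code. All names and the limit below are assumptions of the model. */

#define CONN_LIMIT 1        /* assumed: accepting a 2nd client evicts the 1st */
#define CHAN_BUF   16       /* size of the placeholder channel buffer */

typedef struct Conn {
    int id;
    int closed;             /* set once the connection has been torn down */
    char *chan;             /* stand-in for the I/O channel; NULL after teardown */
    struct Conn *next;
} Conn;

typedef struct Server {
    Conn *head;             /* singly linked list, newest connection first */
    int nconns;
    int hardened;           /* 0 = vulnerable behaviour, 1 = guarded behaviour */
    int faults;             /* vulnerable path: times a NULL channel would be touched */
    int dropped;            /* hardened path: stale handshake events ignored */
} Server;

/* Tear a connection down: unlink it and release its channel. */
static void conn_teardown(Server *s, Conn *c)
{
    for (Conn **pp = &s->head; *pp; pp = &(*pp)->next) {
        if (*pp == c) {
            *pp = c->next;
            s->nconns--;
            break;
        }
    }
    if (c->chan == NULL) {
        /* Second teardown of the same connection. Unguarded code would
         * dereference the NULL channel here; the model only records it. */
        if (!s->hardened) {
            s->faults++;
        }
        return;             /* hardened: teardown is idempotent */
    }
    memset(c->chan, 0, CHAN_BUF);   /* scrub buffered handshake bytes */
    free(c->chan);
    c->chan = NULL;
    c->closed = 1;
}

/* Accept a new client; over the limit, evict the oldest connection, which
 * may still be mid-handshake with a pending I/O event. */
static Conn *server_accept(Server *s, int id)
{
    if (s->nconns >= CONN_LIMIT) {
        Conn *oldest = s->head;
        while (oldest->next) {
            oldest = oldest->next;
        }
        conn_teardown(s, oldest);
    }
    Conn *c = calloc(1, sizeof *c);
    c->id = id;
    c->chan = calloc(CHAN_BUF, 1);
    c->next = s->head;
    s->head = c;
    s->nconns++;
    return c;
}

/* Handshake continuation driven by an I/O event; ok == 0 models a failed
 * handshake, whose error path tears the connection down. */
static void handshake_step(Server *s, Conn *c, int ok)
{
    if (s->hardened && c->closed) {
        s->dropped++;       /* already evicted: ignore the stale event */
        return;
    }
    if (!ok) {
        conn_teardown(s, c);
    }
}

/* Client A connects and stays in handshake; client B connects and evicts A;
 * A's pending handshake I/O then fails. Returns how many times the vulnerable
 * path would have touched a NULL channel; dropped_out (may be NULL) receives
 * the number of stale events the hardened path ignored. */
int run_scenario(int hardened, int *dropped_out)
{
    Server s = { .hardened = hardened };
    Conn *a = server_accept(&s, 1);
    Conn *b = server_accept(&s, 2);
    handshake_step(&s, a, 0);
    int faults = s.faults;
    if (dropped_out) {
        *dropped_out = s.dropped;
    }
    conn_teardown(&s, b);
    free(b);
    free(a);
    return faults;
}

int main(void)
{
    int dropped = 0;
    int vuln = run_scenario(0, NULL);
    int hard = run_scenario(1, &dropped);
    printf("vulnerable: %d double teardown(s) hit a NULL channel\n", vuln);
    printf("hardened:   %d, %d stale handshake event(s) dropped\n", hard, dropped);
    return 0;
}
```

The vulnerable run records one access to an already-released channel, which in real code is the crash; the hardened run records none because the stale handshake event is dropped and a repeated teardown is a no-op. Either guard alone closes this particular path; keeping both is the usual belt-and-braces choice for event-driven connection handling.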
Conclusion & alert: CVE-2023-3354 is rated Moderate Risk (55.7/100): CVSS High severity with medium exploitation likelihood (EPSS 1.59%). Mandatory action: review affected assets and schedule remediation. The bug is reachable before authentication, so prioritise QEMU hosts whose VNC listener is reachable from untrusted networks.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: the daily EPSS score estimates the probability that this CVE will be exploited in the wild within the next 30 days; the percentile ranks it among all scored CVEs (a higher percentile means a higher relative likelihood of exploitation, not a higher severity).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-30 | 1.34% | 1.59% | +0.26% |
| 2 | 2026-06-15 | 0.07% | 1.34% | +1.26% |
| 3 | 2025-11-21 | — | 0.07% | — |
Full EPSS history: 10 records in total (3 shown above).
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 3.1 | HIGH | — | 3.9 | 3.6 | [email protected] |
Distribution tracker status for this CVE.
| vendor | priority | summary | link |
|---|---|---|---|
| alpine | — | 1 source package (qemu); 59 state rows across 3 repos (3.18-community, 3.22-community, edge-community): fixed 0, open 59 | https://security.alpinelinux.org/vuln/CVE-2023-3354 |
| debian | not yet assigned | 1 source package (qemu); 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5 | https://security-tracker.debian.org/tracker/CVE-2023-3354 |
| redhat | high | — | https://access.redhat.com/security/cve/CVE-2023-3354 |
| suse | high | — | https://www.suse.com/security/cve/CVE-2023-3354/ |
| ubuntu | low | 1 source package (qemu); 13 status rows across 13 suites (bionic, focal, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): not-affected 5, needed 3, released 3, ignored 1, needs-triage 1 | https://ubuntu.com/security/CVE-2023-3354 |
Affected products (CPE) for this CVE.
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| qemu | qemu | < 8.1.0 | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* |
| qemu | qemu | 8.1.0-rc0 | cpe:2.3:a:qemu:qemu:8.1.0:rc0:*:*:*:*:*:* |
| qemu | qemu | 8.1.0-rc1 | cpe:2.3:a:qemu:qemu:8.1.0:rc1:*:*:*:*:*:* |
| redhat | openstack_platform | 13.0 | cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:* |
| redhat | enterprise_linux | 8.0 (advanced_virtualization) | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| fedoraproject | fedora | 38 | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
The QEMU entries cover every release before 8.1.0 plus the 8.1.0 release candidates rc0 and rc1; the 8.1.0 release itself is not listed as affected. When checking a distribution package, go by the tracker rows above rather than the upstream version number, since distributions backport fixes without changing it.