CVE-2025-11234

by Fred · 03/10/2025

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.

More information : https://access.redhat.com/security/cve/CVE-2025-11234

CVE-2025-11234

Similar

Recent Posts

Categories

CVE-2025-11234

Share this:

Similar

Recent Posts

Categories

Tags