CVE-2015-1779

Опубликовано: 12 янв. 2016

Источник: debian

EPSS Низкий

Описание

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
qemu	fixed	1:2.3+dfsg-1		package
qemu	not-affected		wheezy	package
qemu	not-affected		squeeze	package
qemu-kvm	not-affected			package

Примечания

https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html
Original patches have problem: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04995.html
http://git.qemu.org/?p=qemu.git;a=commit;h=a2bebfd6e09d
http://git.qemu.org/?p=qemu.git;a=commit;h=2cdb5e142fb93

EPSS

Процентиль: 89%

0.05081

Низкий

Связанные уязвимости

CVE-2015-1779

CVSS3: 8.6

ubuntu

больше 9 лет назад

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

CVE-2015-1779

redhat

больше 10 лет назад

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

CVE-2015-1779

CVSS3: 8.6

nvd

больше 9 лет назад

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

GHSA-cmjj-4jjr-c8vv

CVSS3: 8.6

github

больше 3 лет назад

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

ELSA-2015-1943

oracle-oval

почти 10 лет назад

ELSA-2015-1943: qemu-kvm security update (MODERATE)

EPSS

Процентиль: 89%

0.05081

Низкий