CVE-2015-1779

Опубликовано: 23 мар. 2015

Источник: redhat

CVSS2: 5.7

EPSS Низкий

Описание

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.

Отчет

This issue did not affect the kvm and qemu-kvm packages as shipped with Red Hat Enterprise Linux 5 and 6.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kvm	Not affected
Red Hat Enterprise Linux 6	qemu-kvm	Not affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6	qemu-kvm-rhev	Not affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7	qemu-kvm-rhev	Affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	qemu-kvm-rhev	Affected
Red Hat OpenStack Platform 4	qemu-kvm-rhev	Not affected
Red Hat Enterprise Linux 7	qemu-kvm	Fixed	RHSA-2015:1943	27.10.2015
RHEV 3.X Hypervisor and Agents for RHEL-7	qemu-kvm-rhev	Fixed	RHSA-2015:1931	26.10.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-770

https://bugzilla.redhat.com/show_bug.cgi?id=1199572qemu: vnc: insufficient resource limiting in VNC websockets decoder

EPSS

Процентиль: 89%

0.05081

Низкий

5.7 Medium

CVSS2

Связанные уязвимости

CVE-2015-1779

CVSS3: 8.6

ubuntu

больше 9 лет назад

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

CVE-2015-1779

CVSS3: 8.6

nvd

больше 9 лет назад

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

CVE-2015-1779

CVSS3: 8.6

debian

больше 9 лет назад

The VNC websocket frame decoder in QEMU allows remote attackers to cau ...

GHSA-cmjj-4jjr-c8vv

CVSS3: 8.6

github

больше 3 лет назад

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

ELSA-2015-1943

oracle-oval

почти 10 лет назад

ELSA-2015-1943: qemu-kvm security update (MODERATE)

EPSS

Процентиль: 89%

0.05081

Низкий

5.7 Medium

CVSS2