Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8504

Опубликовано: 03 дек. 2015
Источник: redhat
CVSS2: 6.3
EPSS Низкий

Описание

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

An arithmetic-exception flaw was found in the QEMU emulator built with VNC display-driver support. The VNC server incorrectly handled 'SetPixelFormat' messages sent from clients. A privileged remote client could use this flaw to crash the guest resulting in denial of service.

Отчет

This issue does not affect the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, and the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 7. This issue affects the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmWill not fix
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-369
https://bugzilla.redhat.com/show_bug.cgi?id=1289541Qemu: ui: vnc: avoid floating point exception

EPSS

Процентиль: 86%
0.02814
Низкий

6.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8504

CVSS3: 6.5
ubuntu
почти 9 лет назад

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

nvd логотип

CVE-2015-8504

CVSS3: 6.5
nvd
почти 9 лет назад

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

debian логотип

CVE-2015-8504

CVSS3: 6.5
debian
почти 9 лет назад

Qemu, when built with VNC display driver support, allows remote attack ...

github логотип

GHSA-g957-g6mh-xp98

CVSS3: 6.5
github
больше 3 лет назад

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

suse-cvrf логотип

openSUSE-SU-2016:0126-1

suse-cvrf
около 10 лет назад

Security update for xen

EPSS

Процентиль: 86%
0.02814
Низкий

6.3 Medium

CVSS2