Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-15268

Опубликовано: 22 сент. 2017
Источник: redhat
CVSS3: 3
CVSS2: 2.1
EPSS Низкий

Описание

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 6qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 7qemu-kvm-maAffected
Red Hat Enterprise Linux 7qemu-kvm-rhevAffected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 7qemu-kvmFixedRHSA-2018:081610.04.2018
Red Hat OpenStack Platform 10.0 (Newton)qemu-kvm-rhevFixedRHSA-2018:111311.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1496879QEMU: I/O: potential memory exhaustion via websock connection to VNC

EPSS

Процентиль: 73%
0.00781
Низкий

3 Low

CVSS3

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-15268

CVSS3: 7.5
ubuntu
больше 7 лет назад

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

nvd логотип

CVE-2017-15268

CVSS3: 7.5
nvd
больше 7 лет назад

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

debian логотип

CVE-2017-15268

CVSS3: 7.5
debian
больше 7 лет назад

Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...

github логотип

GHSA-qjr3-vg76-3637

CVSS3: 7.5
github
около 3 лет назад

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

fstec логотип

BDU:2019-04102

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость компонента io/channel-websock.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 73%
0.00781
Низкий

3 Low

CVSS3

2.1 Low

CVSS2