The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
History
13 Feb 2023, 00:46
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. |
02 Feb 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU. |
Information
Published : 2016-01-12 19:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-1779
Mitre link : CVE-2015-1779
CVE.ORG link : CVE-2015-1779
JSON object : View
Products Affected
redhat
- enterprise_linux_server_aus
- enterprise_linux_workstation
- virtualization
- enterprise_linux_eus
- enterprise_linux_server
- enterprise_linux_server_tus
- enterprise_linux
oracle
- linux
canonical
- ubuntu_linux
qemu
- qemu
fedoraproject
- fedora
debian
- debian_linux
CWE
CWE-400
Uncontrolled Resource Consumption