PT-2017-3587 · Qemu+5 · Qemu+5
Daniel Berrange
·
Publicado
2017-12-12
·
Atualizado
2023-02-12
·
CVE-2017-15124
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
QEMU versions 2.11.0 and older
Description:
The issue is related to insufficient input validation in the VNC server implementation of the QEMU hardware emulator. It can be exploited by a remote attacker to cause a denial of service. A malicious remote VNC client can utilize this flaw to allocate growing memory, leading to a denial of service on the server host.
Recommendations:
For QEMU versions 2.11.0 and older, consider restricting access to the VNC server implementation until a patch is available. As a temporary workaround, limiting the memory allocation for the VNC server or throttling the framebuffer updates sent to the client may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
RCE
Allocation of Resources Without Limits
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Qemu
Red Hat
Suse
Ubuntu