PT-2015-2970 · Qemu+5 · Qemu+5

Daniel P. Berrange

Published

2015-03-25

Updated

2024-06-15

CVE-2015-1779

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue is related to the VNC websocket frame decoder in QEMU, which allows remote attackers to cause a denial of service. This can be achieved through a large websocket payload or a large HTTP headers section, resulting in memory and CPU consumption. The vulnerability is associated with resource management errors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-400

Related Identifiers

ALT-PU-2015-1412

BDU:2016-00128

CESA-2015_1943

CVE-2015-1779

DSA-3259-1

MGASA-2015-0149

OPENSUSE-SU-2016_0914-1

OPENSUSE-SU-2016_0995-1

OPENSUSE-SU-2024:10196-1

RHSA-2015:1931

RHSA-2015:1943

RHSA-2015_1943

SUSE-SU-2015:0870-1

SUSE-SU-2015:0889-1

SUSE-SU-2015:0896-1

SUSE-SU-2015:1152-1

SUSE-SU-2015_0870-1

SUSE-SU-2016:0873-1

SUSE-SU-2016:0955-1

SUSE-SU-2016:1318-1

SUSE-SU-2021:14704-1

SUSE-SU-2021:14706-1

SUSE-SU-2021_14704-1

USN-2608-1

Affected Products

Alt Linux

Centos

Qemu

Red Hat

Suse

Ubuntu

PT-2015-2970 · Qemu+5 · Qemu+5

CVE-2015-1779

Weakness Enumeration

Related Identifiers

Affected Products

References · 405