CVE-2015-1779

high

Description

It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.

References

http://www.debian.org/security/2015/dsa-3259

https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html

http://www.securitytracker.com/id/1033975

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html

https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html

http://www.openwall.com/lists/oss-security/2015/03/24/9

http://www.ubuntu.com/usn/USN-2608-1

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html

http://www.securityfocus.com/bid/73303

https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html

http://rhn.redhat.com/errata/RHSA-2015-1943.html

http://rhn.redhat.com/errata/RHSA-2015-1931.html

http://www.openwall.com/lists/oss-security/2015/04/09/6

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

https://security.gentoo.org/glsa/201602-01

https://access.redhat.com/errata/RHSA-2015:1943

https://access.redhat.com/errata/RHSA-2015:1931

https://bugzilla.redhat.com/show_bug.cgi?id=1199572

https://access.redhat.com/security/cve/CVE-2015-1779

Details

Source: MITRE

Published: 2016-01-12

Updated: 2023-02-02

Type: CWE-400

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 8.6

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 3.9

Severity: HIGH