ALT-PU-2015-1412-1
Closed vulnerabilities
Published: 2016-01-12
BDU:2016-00128
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: HIGH (7.8)
Published: 2016-01-12
Modified: 2024-11-21
CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
Severity: HIGH (8.6)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
References:
- FEDORA-2015-5482
- FEDORA-2015-5541
- SUSE-SU-2015:0870
- SUSE-SU-2015:0896
- RHSA-2015:1931
- RHSA-2015:1943
- DSA-3259
- [oss-security] 20150324 CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder
- [oss-security] 20150409 Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 73303
- 1033975
- USN-2608-1
- [Qemu-devel] 20150323 [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets
- [Qemu-devel] 20150323 [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients
- [Qemu-devel] 20150323 [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames
- GLSA-201602-01