CVE-2015-1779
Published: 25 March 2015
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
Priority
CVSS 3 base score: 8.6
Status
Package | Release | Status |
---|---|---|
qemu Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(2.0.0+dfsg-2ubuntu1.11)
|
|
Patches: Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a2bebfd6e09d285aa793cae3fb0fc3a39a9fee6e Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41 |
||
qemu-kvm Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
Notes
Author | Note |
---|---|
sbeattie | websockets introduced in qemu 1.4 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779
- https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html
- https://usn.ubuntu.com/usn/usn-2608-1
- NVD
- Launchpad
- Debian