Lucene search

[email protected]CVE-2015-1779

HistoryJan 12, 2016 - 7:59 p.m.

CVE-2015-1779

2016-01-1219:59:00

CWE-400

[email protected]

web.nvd.nist.gov

cve-2015-1779

vnc

qemu

denial of service

memory consumption

cpu consumption

websocket

http headers

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.5%

JSON

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Affected configurations

NVD

Node

qemuqemuRange≤2.2.1

qemuqemuMatch2.3.0rc0

qemuqemuMatch2.3.0rc1

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

Node

redhatenterprise_linux_eusMatch7.1

redhatenterprise_linux_eusMatch7.2

redhatenterprise_linux_eusMatch7.3

redhatenterprise_linux_eusMatch7.4

redhatenterprise_linux_eusMatch7.5

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch7.0

Node

redhatvirtualizationMatch3.0

AND

redhatenterprise_linuxMatch7.0

Node

oraclelinuxMatch7-

CPENameOperatorVersion
qemu:qemuqemule2.2.1
qemu:qemuqemueq2.3.0

CPE	Name	Operator	Version
qemu:qemu	qemu	le	2.2.1
qemu:qemu	qemu	eq	2.3.0

References

lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html

rhn.redhat.com/errata/RHSA-2015-1931.html

rhn.redhat.com/errata/RHSA-2015-1943.html

www.debian.org/security/2015/dsa-3259

www.openwall.com/lists/oss-security/2015/03/24/9

www.openwall.com/lists/oss-security/2015/04/09/6

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/73303

www.securitytracker.com/id/1033975

www.ubuntu.com/usn/USN-2608-1

lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html

lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html

lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html

security.gentoo.org/glsa/201602-01

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for CVE-2015-1779

nessus19 freebsd1 redhat2 openvas23 nvd1 fedora4 centos1 prion1 ibm2 veracode1 oraclelinux1 mageia1 securityvulns3 cvelist1 suse7 debiancve1 ubuntucve1 ubuntu1 debian1 osv1 gentoo1