Veracode Vulnerability DatabaseVERACODE:11829Denial Of Service (DoS)
0.011 Low
EPSS
Percentile
84.5%
qemu-kvm-rhev is vulnerable to denial of service. It was found that the QEMU’s websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest’s VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.
References
lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html
lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html
rhn.redhat.com/errata/RHSA-2015-1931.html
rhn.redhat.com/errata/RHSA-2015-1943.html
www.debian.org/security/2015/dsa-3259
www.openwall.com/lists/oss-security/2015/03/24/9
www.openwall.com/lists/oss-security/2015/04/09/6
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/73303
www.securitytracker.com/id/1033975
www.ubuntu.com/usn/USN-2608-1
access.redhat.com/errata/RHSA-2015:1931
access.redhat.com/errata/RHSA-2015:1943
access.redhat.com/security/cve/CVE-2015-1779
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1199572
lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html
lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html
lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html
rhn.redhat.com/errata/RHSA-2015-1931.html
security.gentoo.org/glsa/201602-01
Related
