Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.6
CVSSv3

CVE-2015-1779

Published: 12/01/2016 Updated: 13/02/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Qemu

Vulnerability Summary

The VNC websocket frame decoder in QEMU allows remote malicious users to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu 2.3.0

qemu qemu

canonical ubuntu linux 14.10

canonical ubuntu linux 15.04

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

debian debian linux 8.0

debian debian linux 7.0

fedoraproject fedora 22

fedoraproject fedora 21

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux eus 7.1

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux eus 7.6

redhat enterprise linux eus 7.2

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

redhat virtualization 3.0

oracle linux 7

Vendor Advisories

Debian CVElist Bug Report Logs: qemu: CVE-2014-9718 CVE-2015-1779
Debian Bug report logs - #781250 qemu: CVE-2014-9718 CVE-2015-1779 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 26 Mar 2015 13:48:13 UTC Severity: important Tags: confirmed, security, upstream Fixe ...
Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Debian Security Advisories: DSA-3259-1 qemu -- security update
Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service CVE-2015-1779 Daniel P Berrange discovered a denial of service vulnerability in the VNC web socket decoder CVE-2015-2756 Jan Beulich discovered tha ...
Red Hat: CVE-2015-1779
It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU ...

References

CWE-400http://www.debian.org/security/2015/dsa-3259https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.htmlhttp://www.securitytracker.com/id/1033975http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.htmlhttps://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.htmlhttp://www.openwall.com/lists/oss-security/2015/03/24/9http://www.ubuntu.com/usn/USN-2608-1http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.htmlhttp://www.securityfocus.com/bid/73303https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1943.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1931.htmlhttp://www.openwall.com/lists/oss-security/2015/04/09/6http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttps://security.gentoo.org/glsa/201602-01https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781250https://usn.ubuntu.com/2608-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook