CVE-2015-1779: The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or…

high8.6CVSS 3.1

AVNACLPRNUINSCCNINAH

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Affected

34 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	qemu	< qemu 1:2.3+dfsg-1 (bookworm)	qemu 1:2.3+dfsg-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
oracle	linux	—	—
qemu	qemu	<= 2.2.1	—
qemu	qemu	—	—
qemu	qemu	>= 0 < 1:2.3+dfsg-1	1:2.3+dfsg-1
qemu	qemu	>= 0 < 1:2.3+dfsg-1	1:2.3+dfsg-1
qemu	qemu	>= 0 < 1:2.3+dfsg-1	1:2.3+dfsg-1
qemu	qemu	>= 0 < 1:2.3+dfsg-1	1:2.3+dfsg-1
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.11	2.0.0+dfsg-2ubuntu1.11
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server	—	—

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

osv8.6HIGH