CVE-2015-1779 — Uncontrolled Resource Consumption in Qemu
Severity
8.6HIGHNVD
EPSS
5.6%
top 9.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 12
Latest updateMay 13
Description
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0
Affected Packages6 packages
Also affects: Debian Linux 7.0, 8.0, Fedora 21, 22, Ubuntu Linux 12.04, 14.04, 14.10, 15.04, Enterprise Linux 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-cmjj-4jjr-c8vv: The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket pa↗2022-05-13
CVEList▶
CVE-2015-1779: The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket pa↗2016-01-12
OSV▶
CVE-2015-1779: The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket pa↗2016-01-12