CVE-2015-1779 - OpenCVE

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Enterprise Linux Server Aus Virtualization Enterprise Linux Server Tus Enterprise Linux Workstation Enterprise Linux Server Enterprise Linux Eus
Oracle	Linux
Canonical	Ubuntu Linux
Fedoraproject	Fedora
Qemu	Qemu
Debian	Debian Linux

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:2.3.0:rc0::::::
	cpe:2.3:a:qemu:qemu:2.3.0:rc1::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:fedoraproject:fedora:21:::::::*
	cpe:2.3:o:fedoraproject:fedora:22:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 6 [-]

AND

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 7 [-]

cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html	Broken Link
http://rhn.redhat.com/errata/RHSA-2015-1931.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1943.html	Third Party Advisory
http://www.debian.org/security/2015/dsa-3259	Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/03/24/9	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/04/09/6	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	Third Party Advisory
http://www.securityfocus.com/bid/73303	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033975	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2608-1	Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html	Mailing List Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html	Mailing List Patch Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html	Mailing List Patch Third Party Advisory
https://security.gentoo.org/glsa/201602-01	Third Party Advisory