[email protected]CVE-2015-1779

HistoryJan 12, 2016 - 7:59 p.m.

CVE-2015-1779

2016-01-1219:59:00

CWE-400

[email protected]

web.nvd.nist.gov

cve-2015-1779

vnc

qemu

denial of service

memory consumption

cpu consumption

websocket

http headers

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.011 Low

EPSS

Percentile

84.3%

JSON

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

CPENameOperatorVersion
qemu:qemuqemueq2.3.0
qemu:qemuqemule2.2.1
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
fedoraproject:fedorafedoraproject fedoraeq22
fedoraproject:fedorafedoraproject fedoraeq21

CPE	Name	Operator	Version
qemu:qemu	qemu	eq	2.3.0
qemu:qemu	qemu	le	2.2.1
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
fedoraproject:fedora	fedoraproject fedora	eq	22
fedoraproject:fedora	fedoraproject fedora	eq	21