Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11829

HistoryJan 15, 2019 - 9:08 a.m.

Denial Of Service (DoS)

2019-01-1509:08:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

qemu-kvm-rhev is vulnerable to denial of service. It was found that the QEMU’s websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest’s VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.

CPENameOperatorVersion
qemu-kvm-rheveq1.5.3__60.el7ev_0.2
qemu-kvm-rheveq1.5.3__60.el7_0.7
qemu-kvm-rheveq1.5.3__60.el7_0.10
qemu-kvm-rheveq1.5.3__60.el7_0.11
qemu-kvm-rheveq1.5.3__60.el7ev_0.2
qemu-kvm-rheveq1.5.3__60.el7_0.7
qemu-kvm-rheveq1.5.3__60.el7_0.10
qemu-kvm-rheveq1.5.3__60.el7_0.11

References

lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html

rhn.redhat.com/errata/RHSA-2015-1931.html

rhn.redhat.com/errata/RHSA-2015-1943.html

www.debian.org/security/2015/dsa-3259

www.openwall.com/lists/oss-security/2015/03/24/9

www.openwall.com/lists/oss-security/2015/04/09/6

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/73303

www.securitytracker.com/id/1033975

www.ubuntu.com/usn/USN-2608-1

access.redhat.com/errata/RHSA-2015:1931

access.redhat.com/errata/RHSA-2015:1943

access.redhat.com/security/cve/CVE-2015-1779

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1199572

lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html

lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html

lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html

rhn.redhat.com/errata/RHSA-2015-1931.html

security.gentoo.org/glsa/201602-01

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

Related for VERACODE:11829

nessus19 ibm2 prion1 openvas23 centos1 fedora4 redhat2 freebsd1 securityvulns3 mageia1 oraclelinux1 suse7 ubuntucve1 cve1 debiancve1 ubuntu1 debian1 osv1 gentoo1