8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
qemu-kvm-rhev is vulnerable to denial of service. It was found that the QEMU’s websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest’s VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.
lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html
lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html
rhn.redhat.com/errata/RHSA-2015-1931.html
rhn.redhat.com/errata/RHSA-2015-1943.html
www.debian.org/security/2015/dsa-3259
www.openwall.com/lists/oss-security/2015/03/24/9
www.openwall.com/lists/oss-security/2015/04/09/6
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/73303
www.securitytracker.com/id/1033975
www.ubuntu.com/usn/USN-2608-1
access.redhat.com/errata/RHSA-2015:1931
access.redhat.com/errata/RHSA-2015:1943
access.redhat.com/security/cve/CVE-2015-1779
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1199572
lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html
lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html
lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html
rhn.redhat.com/errata/RHSA-2015-1931.html
security.gentoo.org/glsa/201602-01
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C