FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerability

Affected packages
qemu < 2.3.0
qemu-devel < 2.3.0
qemu-sbruno < 2.3.0

Details

VuXML ID a228c7a0-ba66-11e6-b1cf-14dae9d210b8
Discovery 2015-03-23
Entry 2016-12-04
Modified 2016-12-06

Daniel P. Berrange reports:

The VNC server websockets decoder will read and buffer data from websockets clients until it sees the end of the HTTP headers, as indicated by \r\n\r\n. In theory this allows a malicious client to trick QEMU into consuming an arbitrary amount of RAM.
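
The mitigation for this class of bug is to cap how much handshake data is buffered while waiting for \r\n\r\n. The C sketch below is an added example, not QEMU's code and not part of the advisory; HDR_MAX, hdr_feed and simulate are hypothetical names and the 4096-byte limit is an assumed value.

```c
#include <stdio.h>
#include <string.h>
#define HDR_MAX 4096  /* assumed cap; the advisory does not state a limit */
enum hdr_status { HDR_NEED_MORE, HDR_COMPLETE, HDR_TOO_LARGE };
struct hdr_buf { char data[HDR_MAX]; size_t len; };

/* Offset just past "\r\n\r\n" in p[0..n), scanning from `from`; 0 if absent. */
static size_t find_end(const char *p, size_t from, size_t n)
{
    for (size_t i = from; i + 4 <= n; i++)
        if (memcmp(p + i, "\r\n\r\n", 4) == 0)
            return i + 4;
    return 0;
}

/* Append one socket chunk, never storing more than HDR_MAX bytes. A full
   buffer with no terminator is HDR_TOO_LARGE: the caller drops the client. */
enum hdr_status hdr_feed(struct hdr_buf *b, const char *chunk, size_t n, size_t *hdr_len)
{
    size_t from = b->len >= 3 ? b->len - 3 : 0;  /* terminator may span chunks */
    size_t room = HDR_MAX - b->len, take = n < room ? n : room;
    memcpy(b->data + b->len, chunk, take);
    b->len += take;
    if ((*hdr_len = find_end(b->data, from, b->len)) != 0)
        return HDR_COMPLETE;
    return (take < n || b->len == HDR_MAX) ? HDR_TOO_LARGE : HDR_NEED_MORE;
}

/* Constructed client: `total` bytes of 'A' in 512-byte chunks, then an optional terminator. */
enum hdr_status simulate(size_t total, int terminate, size_t *buffered)
{
    struct hdr_buf b = { .len = 0 };
    char chunk[512];
    size_t hdr_len = 0;
    enum hdr_status st = HDR_NEED_MORE;
    memset(chunk, 'A', sizeof chunk);
    for (; total && st == HDR_NEED_MORE; total -= total < 512 ? total : 512)
        st = hdr_feed(&b, chunk, total < 512 ? total : 512, &hdr_len);
    if (terminate && st == HDR_NEED_MORE)
        st = hdr_feed(&b, "\r\n\r\n", 4, &hdr_len);
    *buffered = b.len;
    return st;
}

int main(void)
{
    size_t held;
    int st = simulate((size_t)1 << 20, 0, &held);  /* 1 MiB, never terminated */
    printf("status=%d held=%zu\n", st, held);
    return 0;
}
```

A client that never sends the terminator is rejected once the buffer is full, so memory held per connection stays at HDR_MAX regardless of how much it sends.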

References

CVE Name CVE-2015-1779
FreeBSD PR ports/206725
URL https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html