[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2017-15124 Qemu: memory exhaustion through framebuffer update request message in
From: P J P <ppandit () redhat ! com>
Date: 2017-12-19 11:45:36
Message-ID: nycvar.YSQ.7.76.1712191700510.32077 () wniryva
[Download RAW message or body]
Hello,
VNC server implementation in Quick Emulator(QEMU) was found to be vulnerable
to an unbounded memory allocation issue, as it did not throttle the
framebuffer updates sent to its client. If the client did not consume these
updates, VNC server allocates growing memory to hold onto this data.
A malicious VNC client could use this flaw to cause DoS on the remote server
host.
Upstream fix(es):
-----------------
-> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03715.html
-> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03713.html
-> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03711.html
Thread:
-------
-> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html
'CVE-2017-15124' is assigned to this issue by Red Hat Inc.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic