[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
From: P J P <ppandit () redhat ! com>
Date: 2020-03-05 9:41:17
Message-ID: nycvar.YSQ.7.76.2003051452250.5086 () xnncv
[Download RAW message or body]
Hello,
A memory leakage flaw was found in the way VNC display driver of QEMU handled
connection disconnect, when ZRLE, Tight encoding is enabled. It creates two
vncState objects, one of which allocates memory for Zlib's data object. This
allocated memory is not free'd upon disconnection resulting in the said memory
leakage issue.
A user able to connect to the VNC server could use this flaw to leak host
memory leading to a potential DoS scenario.
Upstream patch:
---------------
-> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
CVE-2019-20382 assigned via -> https://cveform.mitre.org/
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic