[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
From:       P J P <ppandit () redhat ! com>
Date:       2020-03-05 9:41:17
Message-ID: nycvar.YSQ.7.76.2003051452250.5086 () xnncv
[Download RAW message or body]

   Hello,

A memory leakage flaw was found in the way VNC display driver of QEMU handled 
connection disconnect, when ZRLE, Tight encoding is enabled. It creates two 
vncState objects, one of which allocates memory for Zlib's data object. This 
allocated memory is not free'd upon disconnection resulting in the said memory 
leakage issue.

A user able to connect to the VNC server could use this flaw to leak host 
memory leading to a potential DoS scenario.

Upstream patch:
---------------
   -> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0

CVE-2019-20382 assigned via -> https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

[prev in list] [next in list] [prev in thread] [next in thread]