qemu: vnc: insufficient resource limiting in VNC websockets decoder (CVE-2015-1779)
It was found that QEMU's websocket frame decoder processed incoming frames without limiting the resources used to process the header and payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.
References:
http://seclists.org/oss-sec/2015/q1/989
https://bugzilla.redhat.com/show_bug.cgi?id=1199572
CONFIRM: http://git.qemu.org/?p=qemu.git;a=commit;h=a2bebfd6e09d
CONFIRM: http://git.qemu.org/?p=qemu.git;a=commit;h=2cdb5e142fb93
(from redmine: issue id 4155, created on 2015-05-11, closed on 2015-05-22)
- Relations:
- child #4156 (closed)
- child #4157 (closed)
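
The class of check the description above calls for, as an added example (not QEMU's code and not taken from the referenced commits): an RFC 6455 frame header parser that rejects an oversized declared payload length before any payload is buffered. The names `ws_parse_header`, `struct ws_hdr` and the cap `WS_MAX_PAYLOAD` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define WS_MAX_PAYLOAD 8192u /* assumed per-frame cap, chosen for this example */
enum ws_result { WS_NEED_MORE = 0, WS_OK = 1, WS_TOO_BIG = -1 };
struct ws_hdr { uint8_t opcode, mask[4]; int masked; uint64_t payload_len; size_t hdr_len; };

/* Constructed sample frames (not captured traffic): a masked 5-byte binary
 * frame header, and a header declaring a 2^63-1 byte payload. */
static const uint8_t frame_small[] = { 0x82, 0x85, 0x01, 0x02, 0x03, 0x04 };
static const uint8_t frame_huge[] = { 0x82, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
                                      0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 };

/* Parse one RFC 6455 frame header from buf[0..len). The declared payload
 * length is checked against the cap before the caller buffers any payload. */
enum ws_result ws_parse_header(const uint8_t *buf, size_t len, struct ws_hdr *h)
{
    size_t need = 2, ext = 0, i;
    if (len < need)
        return WS_NEED_MORE;
    h->opcode = buf[0] & 0x0f;
    h->masked = (buf[1] & 0x80) != 0;
    h->payload_len = buf[1] & 0x7f;
    if (h->payload_len == 126)
        ext = 2;                    /* 16-bit extended length follows */
    else if (h->payload_len == 127)
        ext = 8;                    /* 64-bit extended length follows */
    need += ext + (h->masked ? 4 : 0);
    if (len < need)
        return WS_NEED_MORE;        /* a header is at most 14 bytes */
    if (ext)
        h->payload_len = 0;
    for (i = 0; i < ext; i++)       /* big-endian extended length */
        h->payload_len = (h->payload_len << 8) | buf[2 + i];
    if (h->payload_len > WS_MAX_PAYLOAD)
        return WS_TOO_BIG;          /* reject; caller drops the connection */
    for (i = 0; h->masked && i < 4; i++)
        h->mask[i] = buf[2 + ext + i];
    h->hdr_len = need;
    return WS_OK;
}

int main(void)
{
    struct ws_hdr h;
    printf("small: %d\n", ws_parse_header(frame_small, sizeof frame_small, &h));
    printf("huge:  %d\n", ws_parse_header(frame_huge, sizeof frame_huge, &h));
    return 0;
}
```

A caller would pair this with a fixed limit on its input buffer, so that a peer that never completes a frame cannot make buffered data grow without bound.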