[v3.0] qemu: vnc: insufficient resource limiting in VNC websockets decoder (CVE-2015-1779)
It was found that QEMU’s websocket frame decoder processed incoming frames without limiting the resources used to process the header and payload. An attacker able to access a guest’s VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.
References:
http://seclists.org/oss-sec/2015/q1/989
https://bugzilla.redhat.com/show_bug.cgi?id=1199572
CONFIRM: http://git.qemu.org/?p=qemu.git;a=commit;h=a2bebfd6e09d
CONFIRM: http://git.qemu.org/?p=qemu.git;a=commit;h=2cdb5e142fb93
(from redmine: issue id 4156, created on 2015-05-11, closed on 2015-05-22)
- Relations:
- parent #4155 (closed)
- Changesets:
- Revision d0b4324e by Natanael Copa on 2015-05-13T09:32:47Z:
main/qemu: security fix for CVE-2014-8106 and CVE-2015-1779
fixes #3777
fixes #4156
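
For illustration of the class of fix the description calls for, here is an added example (not QEMU's code and not taken from the referenced commits) of a websocket frame header parser that rejects an oversized declared payload before any of it is buffered. The frame layout follows RFC 6455; `ws_parse_header`, `struct ws_header`, the status codes and the 4096-byte `WS_MAX_PAYLOAD` cap are hypothetical names and values chosen for this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WS_MAX_PAYLOAD 4096u  /* assumed cap for this example */

enum ws_status { WS_OK = 0, WS_NEED_MORE = 1, WS_TOO_LARGE = -1, WS_PROTOCOL_ERROR = -2 };

struct ws_header {
    uint8_t  opcode, mask[4];
    uint64_t payload_len;
    size_t   header_len;   /* 2 + extended length + mask: never more than 14 */
};

/* Parse one RFC 6455 frame header from buf[0..len). Hypothetical helper. */
enum ws_status ws_parse_header(const uint8_t *buf, size_t len, struct ws_header *h)
{
    size_t off = 2, ext = 0;
    uint64_t plen;
    if (len < 2) return WS_NEED_MORE;
    h->opcode = buf[0] & 0x0f;
    plen = buf[1] & 0x7f;
    if (plen == 126) ext = 2;        /* 16-bit extended length follows */
    else if (plen == 127) ext = 8;   /* 64-bit extended length follows */
    if (len < off + ext) return WS_NEED_MORE;
    if (ext) {
        plen = 0;
        for (size_t i = 0; i < ext; i++)
            plen = (plen << 8) | buf[off + i];   /* network byte order */
        off += ext;
    }
    /* Enforce the cap on the declared length before buffering any payload. */
    if (plen > WS_MAX_PAYLOAD) return WS_TOO_LARGE;
    /* Client-to-server frames must be masked. */
    if (!(buf[1] & 0x80)) return WS_PROTOCOL_ERROR;
    if (len < off + 4) return WS_NEED_MORE;
    memcpy(h->mask, buf + off, 4);
    h->payload_len = plen;
    h->header_len  = off + 4;
    return WS_OK;
}

int main(void)
{
    /* Constructed frame: masked binary frame declaring a 2^32-byte payload. */
    const uint8_t huge[] = { 0x82, 0xff, 0, 0, 0, 1, 0, 0, 0, 0 };
    struct ws_header h;
    printf("huge frame -> %d\n", ws_parse_header(huge, sizeof huge, &h));
}
```

With this shape a caller never holds more than 14 + `WS_MAX_PAYLOAD` bytes per frame and can close the connection on any negative status.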