Back to search
CVE-2017-15124
Published: Jan 9, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
| Vendor | Product | Versions |
|---|---|---|
QEMU | Qemu | affected 2.11.0 and older |
Weaknesses (CWE)
References
102295
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=1525195
x_refsource_CONFIRM
DSA-4213
vendor-advisory
x_refsource_DEBIAN
RHSA-2018:0816
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1104
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1113
vendor-advisory
x_refsource_REDHAT
USN-3575-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2018:3062
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now