CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Published: Jan 12, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-1779
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
qemu / qemu	2.3.0-rc1	2.3.0-rc1.x
qemu / qemu	-	2.2.1.x
qemu / qemu	2.3.0-rc0	2.3.0-rc0.x
canonical / ubuntu_linux	14.10	14.10.x
canonical / ubuntu_linux	15.04	15.04.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	14.04	14.04.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
fedoraproject / fedora	22	22.x
fedoraproject / fedora	21	21.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_eus	7.1	7.1.x
redhat / enterprise_linux_server_tus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_eus	7.3	7.3.x
redhat / enterprise_linux_eus	7.4	7.4.x
redhat / enterprise_linux_eus	7.5	7.5.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x
redhat / enterprise_linux_eus	7.6	7.6.x
redhat / enterprise_linux_eus	7.2	7.2.x
redhat / enterprise_linux_server_aus	7.7	7.7.x
redhat / enterprise_linux_server_tus	7.7	7.7.x
redhat / enterprise_linux_eus	7.7	7.7.x
redhat / virtualization	3.0	3.0.x
oracle / linux	7	7.x

Vulnerability Database

CVE-2015-1779

Deep Security Visibility Without the Complexity