FKIE_CVE-2017-15124

Vulnerability from fkie_nvd - Published: 2018-01-09 21:29 - Updated: 2024-11-21 03:14
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
References
secalert@redhat.comhttp://www.securityfocus.com/bid/102295
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:0816
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1104
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1113
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:3062
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1525195Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://usn.ubuntu.com/3575-1/
secalert@redhat.comhttps://www.debian.org/security/2018/dsa-4213
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102295
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0816
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1104
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1113
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3062
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1525195Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3575-1/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4213
Impacted products
Vendor Product Version
qemu qemu *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D424025B-4108-494F-9F84-492EF5B4B5E5",
              "versionEndIncluding": "2.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto que la implementaci\u00f3n del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignaci\u00f3n de memoria sin enlazar, ya que no limit\u00f3 las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. Un cliente VCN malicioso remoto podr\u00eda emplear este fallo para provocar DoS en el host del servidor."
    }
  ],
  "id": "CVE-2017-15124",
  "lastModified": "2024-11-21T03:14:07.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-09T21:29:00.343",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/102295"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:0816"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:1104"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:1113"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:3062"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/3575-1/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/102295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:0816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:3062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3575-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.