Vulnerability CVE-2017-15124: Information

Description

The VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, the VNC server allocated a growing amount of memory to hold this data. A malicious remote VNC client could use this flaw to cause a denial of service (DoS) on the server host.

Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: Jan. 10, 2018
Modified: Feb. 13, 2023
Error type identifier: CWE-770

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| qemu | sisyphus | 2.11.1-alt1 | 8.2.2-alt3 | ALT-PU-2018-1226-1 | 200653 | Fixed |
| qemu | sisyphus_e2k | 7.2.0-alt3.E2K.3 | 7.2.0-alt3.E2K.4 | ALT-PU-2024-1953-1 | - | Fixed |
| qemu | p10 | 2.11.1-alt1 | 8.2.2-alt0.p10.1 | ALT-PU-2018-1226-1 | 200653 | Fixed |
| qemu | p10_e2k | 7.2.0-alt3.E2K.0 | 7.2.0-alt3.E2K.3 | ALT-PU-2023-6766-1 | - | Fixed |
| qemu | p9 | 2.11.1-alt1 | 5.2.0-alt6 | ALT-PU-2018-1226-1 | 200653 | Fixed |
| qemu | c10f1 | 2.11.1-alt1 | 8.0.4-alt1.p10 | ALT-PU-2018-1226-1 | 200653 | Fixed |
| qemu | c9f2 | 2.11.1-alt1 | 5.2.0-alt6.c9.1 | ALT-PU-2018-1226-1 | 200653 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
      End including: 2.11.0