7.8
CVE-2017-15124
- EPSS 2.84%
- Veröffentlicht 09.01.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:07
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.84% | 0.848 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://usn.ubuntu.com/3575-1/
https://access.redhat.com/errata/RHSA-2018:1104
https://access.redhat.com/errata/RHSA-2018:1113
https://access.redhat.com/errata/RHSA-2018:0816
https://www.debian.org/security/2018/dsa-4213
http://www.securityfocus.com/bid/102295
https://access.redhat.com/errata/RHSA-2018:3062
https://bugzilla.redhat.com/show_bug.cgi?id=1525195