CVE-2015-1779
high-risk
Published 2016-01-12
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
Do I need to act?
5.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.6/10
High
NETWORK / LOW complexity
Affected Products (20)
References (34)
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1931.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1943.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3259
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h...
Third Party Advisory
http://www.securityfocus.com/bid/73303
Third Party Advisory
http://www.securitytracker.com/id/1033975
Third Party Advisory
http://www.ubuntu.com/usn/USN-2608-1
Third Party Advisory
https://security.gentoo.org/glsa/201602-01
and 14 more references
59 / 100
high-risk
Severity
29/34 · Critical
Exploitability
8/34 · Low
Exposure
22/34 · High