[Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC web

From: Daniel P. Berrange
Subject: [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets
Date: Mon, 23 Mar 2015 22:58:20 +0000

The VNC websockets protocol decoder has two places where it did
not correctly limit its resource usage when processing data from
the client. This can be abused by a malicious client to cause QEMU
to consume all system memory, unless it is otherwise limited by
ulimits and/or cgroups. These problems can be triggered in the
websockets layer before the VNC protocol actually starts, so no
client authentication will have taken place at this point.

Daniel P. Berrange (2):
  CVE-2015-1779: incrementally decode websocket frames
  CVE-2015-1779: limit size of HTTP headers from websockets clients

 ui/vnc-ws.c | 115 +++++++++++++++++++++++++++++++++++++++++-------------------
 ui/vnc-ws.h |   9 +++--
 ui/vnc.h    |   2 ++
 3 files changed, 88 insertions(+), 38 deletions(-)
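
Added illustration, not part of the original posting and not the QEMU code: a sketch of what decoding websocket frames incrementally looks like, so that the state kept per client stays fixed-size no matter what payload length the frame header declares. The names ws_dec, ws_header and ws_feed are hypothetical, and opcode, FIN and control-frame handling are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical decoder state: header fields only, never the payload. */
typedef struct {
    uint64_t remaining;   /* payload bytes of the current frame still due */
    uint8_t  mask[4];     /* client masking key */
    unsigned mask_pos;    /* position in the mask, carried across calls */
} ws_dec;

/* Parse one client frame header from in[0..len). Returns the header size,
 * 0 if more bytes are needed (at most 14), -1 if the frame is unmasked. */
static int ws_header(ws_dec *d, const uint8_t *in, size_t len)
{
    if (len < 2) return 0;
    if (!(in[1] & 0x80)) return -1;        /* client frames must be masked */
    uint64_t plen = in[1] & 0x7f;
    size_t ext = plen == 126 ? 2 : plen == 127 ? 8 : 0;
    if (len < 2 + ext + 4) return 0;
    if (ext) plen = 0;                     /* 16- or 64-bit length follows */
    for (size_t i = 0; i < ext; i++) plen = (plen << 8) | in[2 + i];
    memcpy(d->mask, in + 2 + ext, 4);
    d->remaining = plen;
    d->mask_pos = 0;
    return (int)(2 + ext + 4);
}

/* Consume whatever input is available and unmask at most outcap bytes into
 * out. *used is the input consumed. Returns bytes produced, -1 on error. */
long ws_feed(ws_dec *d, const uint8_t *in, size_t len,
             uint8_t *out, size_t outcap, size_t *used)
{
    size_t off = 0, n = 0;
    while (off < len && n < outcap) {
        if (d->remaining == 0) {
            int h = ws_header(d, in + off, len - off);
            if (h < 0) return -1;
            if (h == 0) break;             /* partial header: wait for more */
            off += (size_t)h;
            continue;
        }
        out[n++] = in[off++] ^ d->mask[d->mask_pos++ & 3];
        d->remaining--;
    }
    *used = off;
    return (long)n;
}
```

The caller keeps only the unconsumed tail of its input buffer (a partial header, or data left over when out was full), so a frame that declares a multi-gigabyte payload costs no more memory than a short one.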


