[Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC web
From: Daniel P. Berrange
Subject: [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets
Date: Mon, 23 Mar 2015 22:58:20 +0000

The VNC websockets protocol decoder has two places where it did
not correctly limit its resource usage when processing data from
the client. This can be abused by a malicious client to cause QEMU
to consume all system memory, unless it is otherwise limited by
ulimits and/or cgroups. These problems can be triggered in the
websockets layer before the VNC protocol actually starts, so no
client authentication will have taken place at this point.

Daniel P. Berrange (2):
  CVE-2015-1779: incrementally decode websocket frames
  CVE-2015-1779: limit size of HTTP headers from websockets clients

 ui/vnc-ws.c | 115 +++++++++++++++++++++++++++++++++++++++++-------------------
 ui/vnc-ws.h |   9 +++--
 ui/vnc.h    |   2 ++
 3 files changed, 88 insertions(+), 38 deletions(-)
--
2.1.0
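
Added example, not part of the original message and not the code from this patch series: one way to bound what a server buffers while waiting for the end of the websocket handshake headers, so an unauthenticated peer cannot grow the buffer without limit. The names ws_handshake, ws_feed, ws_flood and the 4096-byte WS_MAX_HEADER cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define WS_MAX_HEADER 4096 /* assumed cap; the patch's own limit is not shown on this page */

enum ws_status { WS_NEED_MORE, WS_HEADERS_DONE, WS_TOO_LARGE };

/* Hypothetical per-connection state: fixed storage, so memory use is bounded. */
struct ws_handshake { char buf[WS_MAX_HEADER]; size_t len; };

/* Feed bytes as they arrive from the socket. Stops at the "\r\n\r\n"
 * terminator, and reports WS_TOO_LARGE (caller should close the
 * connection) instead of storing more than WS_MAX_HEADER bytes. */
static enum ws_status ws_feed(struct ws_handshake *h, const char *data, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (h->len == WS_MAX_HEADER)
            return WS_TOO_LARGE;
        h->buf[h->len++] = data[i];
        /* Check against the accumulated buffer so a terminator split
         * across two reads is still recognised. */
        if (h->len >= 4 && memcmp(h->buf + h->len - 4, "\r\n\r\n", 4) == 0)
            return WS_HEADERS_DONE;
    }
    return WS_NEED_MORE;
}

/* Constructed input: a peer that streams filler and never ends the headers. */
static enum ws_status ws_flood(size_t total)
{
    struct ws_handshake h = { .len = 0 };
    char chunk[512];
    enum ws_status st = WS_NEED_MORE;

    memset(chunk, 'A', sizeof(chunk));
    while (total > 0 && st == WS_NEED_MORE) {
        size_t n = total < sizeof(chunk) ? total : sizeof(chunk);
        st = ws_feed(&h, chunk, n);
        total -= n;
    }
    return st;
}

int main(void)
{
    printf("100 bytes: %d, 1 MiB: %d\n", ws_flood(100), ws_flood(1 << 20));
    return 0;
}
```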