Home CVE Database CVE-2017-15124

CVE-2017-15124

Description

VNC server implementation in Quick Emulator (QEMU) before 2.14.3 was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.

Priority: HIGH
CVSS v3: 7.5
Publish Date: Jan 9, 2018
Related ID: --
CVSS v2: High
Modified Date: Jan 9, 2018

Find out more about CVE-2017-15124 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

qemu

Live chat
Online