qemu -- denial of service vulnerability

Affected packages
qemu < 2.3.0
qemu-devel < 2.3.0
qemu-sbruno < 2.3.0


VuXML ID a228c7a0-ba66-11e6-b1cf-14dae9d210b8
Discovery 2015-03-23
Entry 2016-12-04
Modified 2016-12-06

Daniel P. Berrange reports:

The VNC server websockets decoder will read and buffer data from websockets clients until it sees the end of the HTTP headers, as indicated by \r\n\r\n. In theory this allows a malicious client to trick QEMU into consuming an arbitrary amount of RAM.


CVE Name CVE-2015-1779
FreeBSD PR ports/206725
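
The report above describes buffering until \r\n\r\n with no upper bound. The following is an added example, not QEMU's code or its fix, of the general mitigation for that pattern: accumulate handshake bytes into a fixed-size buffer and stop once a cap is reached. The names (hdr_buf, hdr_feed, feed_without_terminator) and the 4096-byte cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed cap on buffered handshake bytes (illustrative, not QEMU's value). */
#define MAX_HEADER_BYTES 4096

enum hdr_status { HDR_NEED_MORE, HDR_COMPLETE, HDR_TOO_LARGE };

struct hdr_buf {
    unsigned char data[MAX_HEADER_BYTES];
    size_t len;
};

static void hdr_init(struct hdr_buf *b) { b->len = 0; }

/* Append one received chunk. Scanning per byte catches a terminator that is
 * split across chunks; the cap check runs before every store, so memory use
 * is fixed no matter how much the peer sends. */
static enum hdr_status hdr_feed(struct hdr_buf *b, const void *chunk, size_t n)
{
    const unsigned char *p = chunk;
    for (size_t i = 0; i < n; i++) {
        if (b->len == MAX_HEADER_BYTES)
            return HDR_TOO_LARGE;   /* caller should close the connection */
        b->data[b->len++] = p[i];
        if (b->len >= 4 && memcmp(b->data + b->len - 4, "\r\n\r\n", 4) == 0)
            return HDR_COMPLETE;    /* bytes after the terminator are not consumed */
    }
    return HDR_NEED_MORE;
}

/* Constructed input: a peer that sends `total` filler bytes in 512-byte
 * chunks and never sends the terminator. Returns the first final status. */
static enum hdr_status feed_without_terminator(struct hdr_buf *b, size_t total)
{
    unsigned char filler[512];
    memset(filler, 'A', sizeof filler);
    for (size_t sent = 0; sent < total; sent += sizeof filler) {
        enum hdr_status s = hdr_feed(b, filler, sizeof filler);
        if (s != HDR_NEED_MORE)
            return s;
    }
    return HDR_NEED_MORE;
}

int main(void)
{
    struct hdr_buf b;
    hdr_init(&b);
    enum hdr_status s = feed_without_terminator(&b, 1u << 20);
    printf("status=%d buffered=%zu\n", (int)s, b.len);
    return 0;
}
```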