CVE-2017-15124
7.5
HIGH
CVSS 3.1
EPSS 0.76%
Description
The VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, the VNC server allocated a growing amount of memory to hold this data. A malicious remote VNC client could use this flaw to cause a denial of service (DoS) on the server host.
How to fix CVE-2017-15124
To remediate CVE-2017-15124, upgrade the affected package to a fixed version below.
- Upgrade to 1:2.12~rc3+dfsg-1 or later
Is CVE-2017-15124 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:2.12~rc3+dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |