oss-sec mailing list archives
CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
From: P J P <ppandit () redhat com>
Date: Thu, 5 Mar 2020 14:59:17 +0530 (IST)
Hello,A memory leakage flaw was found in the way VNC display driver of QEMU handled connection disconnect, when ZRLE, Tight encoding is enabled. It creates two vncState objects, one of which allocates memory for Zlib's data object. This allocated memory is not free'd upon disconnection resulting in the said memory leakage issue.
A user able to connect to the VNC server could use this flaw to leak host memory leading to a potential DoS scenario.
Upstream patch: --------------- -> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 CVE-2019-20382 assigned via -> https://cveform.mitre.org/ Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Current thread:
- CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect P J P (Mar 05)