Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-20382 - log back

CVE-2019-20382 edited at 06 Mar 2020 09:02:40

Severity

-	Unknown
+	Low

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Denial of service

Description

+	A memory leak has been found in in the way VNC display driver of QEMU <= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is enabled. It creates two vncState objects, one of which allocates memory for Zlib's data object. This allocated memory is not free'd upon disconnection resulting in the said memory leakage issue.
+	A user able to connect to the VNC server could use this flaw to leak host memory leading to a potential DoS scenario.

References

+	https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0

Notes

CVE-2019-20382 created at 06 Mar 2020 09:01:23