#VU27388 Memory leak in QEMU


Published: 2020-04-28

Vulnerability identifier: #VU27388

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-20382

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the zrle_compress_data() function in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. A remote attacker can perform a denial of service attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

QEMU: 4.1.0

External links
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
http://www.openwall.com/lists/oss-security/2020/03/05/1
http://git.qemu.org/?p=qemu.git;a=commit;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat OpenStack update for qemu-kvm-rhev
Red Hat Enterprise Linux 7 update for qemu-kvm
Red Hat Enterprise Linux 7 update for qemu-kvm-ma
Red Hat Virtualization 4 update for qemu-kvm-rhev
Red Hat Enterprise Linux 8 update for the virt:rhel module
Ubuntu update for QEMU
Arch Linux update for qemu
Debian update for qemu
OpenSUSE Linux update for qemu
Multiple vulnerabilities in QEMU