CVE-2015-5261

Опубликовано: 06 окт. 2015

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write arbitrary memory locations on the host.

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1261889spice: host memory access from guest using crafted images

EPSS

Процентиль: 26%

0.00086

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-5261

CVSS3: 7.1

ubuntu

около 9 лет назад

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

CVE-2015-5261

CVSS3: 7.1

nvd

около 9 лет назад

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

CVE-2015-5261

CVSS3: 7.1

debian

около 9 лет назад

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS user ...

GHSA-w69p-8vxh-m87g

CVSS3: 7.1

github

больше 3 лет назад

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

ELSA-2015-1890

oracle-oval

почти 10 лет назад

ELSA-2015-1890: spice security update (IMPORTANT)

EPSS

Процентиль: 26%

0.00086

Низкий

4.3 Medium

CVSS2