CVE-2016-9577

Published: 06 Feb. 2017
Source: redhat
CVSS3: 7.5
CVSS2: 6
EPSS: Low

Description

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Virtualization 4 | distribution | Affected | | |
| Red Hat Enterprise Linux 6 | spice-server | Fixed | RHSA-2017:0253 | 06.02.2017 |
| Red Hat Enterprise Linux 7 | spice | Fixed | RHSA-2017:0254 | 06.02.2017 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | imgbased | Fixed | RHSA-2017:0549 | 16.03.2017 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | redhat-release-virtualization-host | Fixed | RHSA-2017:0549 | 16.03.2017 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | redhat-virtualization-host | Fixed | RHSA-2017:0549 | 16.03.2017 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | rhevm-appliance | Fixed | RHSA-2017:0552 | 16.03.2017 |

Additional information

Status: Moderate
Defect: CWE-20->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1401603 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages

EPSS: 0.03861 (percentile: 88%), Low
CVSS3: 7.5 High
CVSS2: 6 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 7 years ago

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

CVSS3: 7.5
nvd
more than 7 years ago

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

CVSS3: 7.5
debian
more than 7 years ago

A vulnerability was discovered in SPICE before 0.13.90 in the server's ...

CVSS3: 8.8
github
more than 3 years ago

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

suse-cvrf
almost 9 years ago

Security update for spice
