Описание
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | qspice | Not affected | ||
| Red Hat Enterprise Linux 8 | spice | Not affected | ||
| Red Hat Enterprise Linux 6 | spice-gtk | Fixed | RHSA-2018:2732 | 20.09.2018 |
| Red Hat Enterprise Linux 6 | spice-server | Fixed | RHSA-2018:2732 | 20.09.2018 |
| Red Hat Enterprise Linux 7 | spice | Fixed | RHSA-2018:2731 | 20.09.2018 |
| Red Hat Enterprise Linux 7 | spice-gtk | Fixed | RHSA-2018:2731 | 20.09.2018 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | imgbased | Fixed | RHSA-2018:3470 | 05.11.2018 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | redhat-release-virtualization-host | Fixed | RHSA-2018:3470 | 05.11.2018 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | redhat-virtualization-host | Fixed | RHSA-2018:3470 | 05.11.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.3 High
CVSS3
Связанные уязвимости
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
A vulnerability was discovered in SPICE before version 0.14.1 where th ...
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
ELSA-2018-2732: spice-gtk and spice-server security update (IMPORTANT)
EPSS
8.3 High
CVSS3