Описание
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | spice-client | Will not fix | ||
| Red Hat Enterprise Linux 8 | spice-gtk | Not affected | ||
| Red Hat Enterprise Linux 6 | spice-gtk | Fixed | RHSA-2020:0471 | 11.02.2020 |
| Red Hat Enterprise Linux 7 | libgovirt | Fixed | RHSA-2019:2229 | 06.08.2019 |
| Red Hat Enterprise Linux 7 | spice-gtk | Fixed | RHSA-2019:2229 | 06.08.2019 |
| Red Hat Enterprise Linux 7 | spice-vdagent | Fixed | RHSA-2019:2229 | 06.08.2019 |
| Red Hat Enterprise Linux 7 | virt-viewer | Fixed | RHSA-2019:2229 | 06.08.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.6 High
CVSS3
Связанные уязвимости
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Multiple integer overflow and buffer overflow issues were discovered i ...
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
EPSS
7.6 High
CVSS3