Описание
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.14.0-1ubuntu2.2 |
| cosmic | released | 0.14.0-1ubuntu4 |
| devel | released | 0.14.0-1ubuntu4 |
| disco | released | 0.14.0-1ubuntu4 |
| eoan | released | 0.14.0-1ubuntu4 |
| esm-infra-legacy/trusty | released | 0.12.4-0nocelt2ubuntu1.7 |
| esm-infra/bionic | released | 0.14.0-1ubuntu2.2 |
| esm-infra/focal | released | 0.14.0-1ubuntu4 |
| esm-infra/xenial | not-affected | |
| focal | released | 0.14.0-1ubuntu4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 0.35-2 |
| devel | not-affected | 0.35-2 |
| disco | not-affected | 0.35-2 |
| eoan | not-affected | 0.35-2 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 0.35-2 |
| esm-apps/jammy | not-affected | 0.35-2 |
| esm-apps/noble | not-affected | 0.35-2 |
| esm-apps/xenial | needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| cosmic | not-affected | |
| devel | not-affected | |
| disco | not-affected | |
| eoan | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| esm-infra/bionic | not-affected | |
| esm-infra/focal | not-affected | |
| esm-infra/xenial | released | 0.12.10-1ubuntu0.2 |
| focal | not-affected |
Показывать по
EPSS
6.5 Medium
CVSS2
8.3 High
CVSS3
Связанные уязвимости
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
A vulnerability was discovered in SPICE before version 0.14.1 where th ...
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
ELSA-2018-2732: spice-gtk and spice-server security update (IMPORTANT)
EPSS
6.5 Medium
CVSS2
8.3 High
CVSS3