CVE-2020-14355

Опубликовано: 07 окт. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.5

CVSS3: 6.6

Описание

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.

Релиз	Статус	Примечание
bionic	released	0.14.0-1ubuntu2.5
devel	released	0.14.3-1ubuntu2
esm-infra-legacy/trusty	released	0.12.4-0nocelt2ubuntu1.8+esm1
esm-infra/bionic	released	0.14.0-1ubuntu2.5
esm-infra/focal	released	0.14.2-4ubuntu3.1
esm-infra/xenial	released	0.12.6-4ubuntu0.5
focal	released	0.14.2-4ubuntu3.1
groovy	released	0.14.3-1ubuntu2
hirsute	released	0.14.3-1ubuntu2
impish	released	0.14.3-1ubuntu2

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	needed
esm-apps/bionic	needed
esm-apps/focal	needed
esm-apps/jammy	needed
esm-apps/noble	needed
esm-apps/xenial	needed
esm-infra-legacy/trusty	DNE
focal	ignored	end of standard support, was needed
groovy	ignored	end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 78%

0.01111

Низкий

6.5 Medium

CVSS2

6.6 Medium

CVSS3

Связанные уязвимости

CVE-2020-14355

CVSS3: 6.6

redhat

больше 5 лет назад

CVE-2020-14355

CVSS3: 6.6

nvd

больше 5 лет назад

CVE-2020-14355

CVSS3: 6.6

debian

больше 5 лет назад

Multiple buffer overflow vulnerabilities were found in the QUIC image ...

openSUSE-SU-2020:1803-1

suse-cvrf

больше 5 лет назад

Security update for spice-gtk

openSUSE-SU-2020:1802-1

suse-cvrf

больше 5 лет назад

Security update for spice

EPSS

Процентиль: 78%

0.01111

Низкий

6.5 Medium

CVSS2

6.6 Medium

CVSS3

CVE-2020-14355

Описание

Пакет spice

Пакет spice-gtk

Ссылки на источники

Связанные уязвимости