ALT-PU-2017-1042-1
Closed vulnerabilities
Published: 2017-05-19
BDU:2018-00028
Уязвимость библиотеки spice, связанная с переполнением буфера, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (8.8)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-07-18
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-7506
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- DSA-3907
- DSA-3907
- [oss-security] 20170714 CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations
- [oss-security] 20170714 CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations
- 99583
- 99583
- RHSA-2017:2471
- RHSA-2017:2471
- RHSA-2018:3522
- RHSA-2018:3522
- https://bugzilla.redhat.com/show_bug.cgi?id=1452606
- https://bugzilla.redhat.com/show_bug.cgi?id=1452606