BDU:2018-00589

Уязвимость SPICE-клиента Spice-GTK, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5)

References:

CVE-2017-12194
BID ID:103413

Published: 2018-03-15
Modified: 2024-11-21

CVE-2017-12194

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

103413
103413
https://bugzilla.redhat.com/show_bug.cgi?id=1501200
https://bugzilla.redhat.com/show_bug.cgi?id=1501200
GLSA-201811-20
GLSA-201811-20
USN-3659-1
USN-3659-1

Version: 2.1.0

Package libspice-gtk update in sisyphus on 2018-07-11

ALT-PU-2018-1998-1

Closed vulnerabilities

BDU:2018-00589

CVE-2017-12194