ALT-PU-2018-2257-1
Closed vulnerabilities
Published: 2018-08-17
BDU:2019-00441
Уязвимость функции write_validate_array_item() («demarshal.py») системы рендеринга удаленного виртуального «рабочего стола» SPICE (the Simple Protocol for Independent Computing Environments), связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Severity: MEDIUM (6.3)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2018-08-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- 105152
- 105152
- RHSA-2018:2731
- RHSA-2018:2731
- RHSA-2018:2732
- RHSA-2018:2732
- RHSA-2018:3470
- RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873
- https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
- https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] spice security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] spice security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1486-1] spice security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1486-1] spice security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1489-1] spice-gtk security update
- [debian-lts-announce] 20180831 [SECURITY] [DLA 1489-1] spice-gtk security update
- USN-3751-1
- USN-3751-1
- DSA-4319
- DSA-4319