Уязвимость библиотеки spice, связанная с переполнением буфера, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость функции write_validate_array_item() («demarshal.py») системы рендеринга удаленного виртуального «рабочего стола» SPICE (the Simple Protocol for Independent Computing Environments), связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.