ALT-PU-2018-2432-1

Обновление пакета SPICE в ветке c7.1

Версия0.12.7-alt0.M70C.1

Задание#213613

Опубликовано2018-10-08

Макс. серьёзностьHIGH

Серьёзность:

Закрытые проблемы (3)

MEDIUM5.0

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.

Опубликовано: 2013-08-20Изменено: 2026-04-29

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ссылки

HIGH7.8

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

Опубликовано: 2016-06-07Изменено: 2025-04-12

CVSS 2.0ВЫСОКАЯ 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xВЫСОКАЯ 7.8

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

HIGH7.1

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Опубликовано: 2016-06-07Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 3.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Ссылки