Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2016-9577

Related Vulnerabilities: CVE-2016-9577  

A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

Source
A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

Find out more about CVE-2016-9577 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 6
Base Metrics AV:N/AC:M/Au:S/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

CVSS v3 metrics

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhevm-appliance) RHSA-2017:0552 2017-03-16
Red Hat Enterprise Linux 6 (spice-server) RHSA-2017:0253 2017-02-06
Red Hat Enterprise Linux 7 (spice) RHSA-2017:0254 2017-02-06
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts RHSA-2017:0549 2017-03-16

Affected Packages State

Platform Package State
RHEV Manager 3 rhev-hypervisor Will not fix

Acknowledgements

This issue was discovered by Frediano Ziglio (Red Hat).

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started