
CVE-2013-4130

Published: 20/08/2013 Updated: 24/01/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE prior to 0.12.4 do not properly perform ring loops, which might allow remote malicious users to cause a denial of service (reachable assertion and server exit) by triggering a network error.

Vulnerable Product

spice project spice 0.12.0

spice project spice 0.11.3

spice project spice 0.8.2

spice project spice 0.8.1

spice project spice 0.7.0

spice project spice 0.6.1

spice project spice 0.11.0

spice project spice 0.10.1

spice project spice 0.8.0

spice project spice 0.6.4

spice project spice 0.6.3

spice project spice 0.6.0

spice project spice 0.5.3

spice project spice

spice project spice 0.12.2

spice project spice 0.9.1

spice project spice 0.9.0

spice project spice 0.7.2

spice project spice 0.7.1

spice project spice 0.10.0

spice project spice 0.8.3

spice project spice 0.6.2

spice project spice 0.7.3

spice project spice 0.5.2

canonical ubuntu linux 13.04

Vendor Advisories

SPICE could be made to crash if it received specially crafted network traffic ...

Synopsis: Moderate: spice-server security update. Type/Severity: Security Advisory: Moderate. Topic: An updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vu ...

Synopsis: Moderate: rhev-hypervisor6 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An updated rhev-hypervisor6 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Com ...

Debian Bug report logs - #717030 spice: CVE-2013-4130. Package: spice; Maintainer for spice is Liang Guo <guoliang@debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Tue, 16 Jul 2013 07:42:02 UTC; Severity: grave; Tags: security; Found in version 0.11.0-1; Fixed in versions spice/0.12.4-0nocelt1, spice/0 ...

Debian Bug report logs - #728314 spice: CVE-2013-4282: stack buffer overflow in reds_handle_ticket() function. Package: spice; Maintainer for spice is Liang Guo <guoliang@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 30 Oct 2013 15:00:02 UTC; Severity: grave; Tags: fixed-upstream, patch, ...

Multiple vulnerabilities have been found in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-4130: David Gibson of Red Hat discovered that SPICE incorrectly handled certain network errors. A remote user able to initiate a SPICE connection to an applic ...

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error ...