Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2018-10873

Published: 17/08/2018 Updated: 09/10/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Spice

Vulnerability Summary

A vulnerability exists in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

spice project spice

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.6

redhat virtualization host 4.0

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 7.6

redhat enterprise linux server 6.0

redhat enterprise linux desktop 7.0

redhat virtualization 4.0

Vendor Advisories

Ubuntu Security Notice: spice, spice-protocol vulnerability
Spice could be made to crash if it received specially crafted network traffic ...
Debian CVElist Bug Report Logs: spice: CVE-2018-10873: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service
Debian Bug report logs - #906315 spice: CVE-2018-10873: Missing check in demarshalpy:write_validate_array_item() allows for buffer overflow and denial of service Package: src:spice; Maintainer for src:spice is Liang Guo <guoliang@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 17 Aug 201 ...
Debian CVElist Bug Report Logs: spice-gtk: CVE-2017-12194: Integer overflows causing buffer overflows in spice-client
Debian Bug report logs - #898503 spice-gtk: CVE-2017-12194: Integer overflows causing buffer overflows in spice-client Package: src:spice-gtk; Maintainer for src:spice-gtk is Liang Guo <guoliang@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 12 May 2018 20:21:01 UTC Severity: important ...
Red Hat: Important: spice and spice-gtk security update
Synopsis Important: spice and spice-gtk security update Type/Severity Security Advisory: Important Topic An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: spice-gtk and spice-server security update
Synopsis Important: spice-gtk and spice-server security update Type/Severity Security Advisory: Important Topic An update for spice-gtk and spice-server is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabi ...
Red Hat: Moderate: Red Hat Virtualization security and bug fix update
Synopsis Moderate: Red Hat Virtualization security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Securi ...
Debian Security Advisories: DSA-4319-1 spice -- security update
Frediano Ziglio reported a missing check in the script to generate demarshalling code in the SPICE protocol client and server library The generated demarshalling code is prone to multiple buffer overflows An authenticated attacker can take advantage of this flaw to cause a denial of service (spice server crash), or possibly, execute arbitrary cod ...
Red Hat: CVE-2018-10873
A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts ...

References

CWE-20https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42chttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873https://usn.ubuntu.com/3751-1/http://www.securityfocus.com/bid/105152https://lists.debian.org/debian-lts-announce/2018/08/msg00038.htmlhttps://lists.debian.org/debian-lts-announce/2018/08/msg00037.htmlhttps://lists.debian.org/debian-lts-announce/2018/08/msg00035.htmlhttps://access.redhat.com/errata/RHSA-2018:2732https://access.redhat.com/errata/RHSA-2018:2731https://www.debian.org/security/2018/dsa-4319https://access.redhat.com/errata/RHSA-2018:3470https://usn.ubuntu.com/3751-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAPCVE-2024-4367server-side request forgeryinformation disclosureCVE-2024-34342CVE-2024-4281CVE-2024-3507CVE-2024-25560CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook