Published: 28/05/2021 Updated: 21/10/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A flaw was found in spice in versions prior to 0.14.92. A DoS tool might make it easier for remote malicious users to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
spice project spice
redhat enterprise linux 7.0
redhat enterprise linux 6.0
redhat enterprise linux 8.0

Debian Bug report logs - #983698 spice: CVE-2021-20201: Client initiated renegotiation denial of service Package: src:spice; Maintainer for src:spice is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 28 Feb 2021 15:21:04 UTC Severity: import ...

An issue was discovered in spice version 01491 and before There is a DoS Vulnerability which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection ...

NVD-CWE-Other https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks https://bugzilla.redhat.com/show_bug.cgi?id=1921846 https://security.gentoo.org/glsa/202208-10 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983698 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-20201

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-20201

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect