QwikSec

Security Database

CVE

CWE

Training

CVE-2018-10873

Published: Aug 17, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

8.3

HIGH

Description

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

Vendor	Product	Versions
[UNKNOWN]	spice:	affected `0.14.1`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

High

References

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] spice security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20180831 [SECURITY] [DLA 1486-1] spice security update

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20180831 [SECURITY] [DLA 1489-1] spice-gtk security update

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.