Note:
This project will be discontinued after December 13, 2021. [more]
2019-02-04
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Products | Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Spice |
Type | Off-by-one Error (CWE-193) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.securityfocus.com/bid/106801
• https://usn.ubuntu.com/3870-1/ • https://access.redhat.com/errata/RHSA-2019:0231 • https://access.redhat.com/errata/RHSA-2019:0232 • https://www.debian.org/security/2019/dsa-4375 |