PT-2013-4863 · Red Hat+1 · Spice+2

Publicado

2013-07-15

Atualizado

2014-01-24

CVE-2013-4130

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions SPICE versions prior to 0.12.4

Description The issue is related to the red channel pipes add type and red channel pipes add empty msg functions in server/red channel.c. These functions do not properly perform ring loops, which might allow remote attackers to cause a denial of service by triggering a network error, leading to a reachable assertion and server exit.

Recommendations For versions prior to 0.12.4, update to version 0.12.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the red channel pipes add type and red channel pipes add empty msg functions until a patch is available.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CESA-2013_1192

CVE-2013-4130

DSA-2839-1

MGASA-2013-0255

RHSA-2013:1192

RHSA-2013:1260

RHSA-2013_1192

USN-1926-1

Produtos afetados

Centos

Red Hat

Spice

PT-2013-4863 · Red Hat+1 · Spice+2

CVE-2013-4130

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 28