PT-2016-7783 · Red Hat+4 · Spice+5

Frediano Ziglio · Published 2016-12-31 · Updated 2024-06-15 · CVE-2016-9577

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SPICE versions prior to 0.13.90

Description: A vulnerability was discovered in the server's protocol handling, allowing an authenticated attacker to send crafted messages to the SPICE server. This could cause a heap overflow, leading to a crash or possible code execution.

Recommendations: For versions prior to 0.13.90, update to version 0.13.90 or later to resolve the issue. As a temporary workaround, consider restricting access to the SPICE server to minimize the risk of exploitation.

Fix

RCE

Buffer Overflow

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2017-2174
CESA-2017_0253
CESA-2017_0254
CVE-2016-9577
DLA-825-1
DSA-3790-1
MGASA-2017-0062
OPENSUSE-SU-2017_0419-1
OPENSUSE-SU-2017_0421-1
OPENSUSE-SU-2024:11397-1
RHSA-2017:0253
RHSA-2017:0254
RHSA-2017:0549
RHSA-2017:0552
RHSA-2017_0253
RHSA-2017_0254
SUSE-SU-2017:0392-1
SUSE-SU-2017:0393-1
SUSE-SU-2017:0396-1
SUSE-SU-2017:0400-1
SUSE-SU-2017_0392-1
SUSE-SU-2017_0393-1
SUSE-SU-2017_0396-1
SUSE-SU-2017_0400-1
USN-3202-1

Affected Products

Alt Linux
CentOS
Red Hat
Spice
SUSE
Ubuntu