PT-2017-3269 · Red Hat+4 · Spice+5

Publicado

2017-01-17

Atualizado

2023-02-12

CVE-2017-7506

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions spice versions prior to 0.14

Description The issue is related to out-of-bounds memory access when processing specially crafted messages from an authenticated attacker to the spice server, resulting in a crash and/or server memory leak. It is also described as a buffer overflow vulnerability, which can allow a remote attacker to cause a denial of service or execute arbitrary code using a specially crafted message.

Recommendations For spice versions prior to 0.14, update to version 0.14 or later to resolve the issue.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2017-1042

BDU:2018-00028

CESA-2017_2471

CESA-2018_3522

CVE-2017-7506

DSA-3907-1

MGASA-2017-0239

OPENSUSE-SU-2017_1843-1

OPENSUSE-SU-2017_2604-1

RHSA-2017:2471

RHSA-2017_2471

RHSA-2018:3522

RHSA-2018_3522

SUSE-SU-2017:1832-1

SUSE-SU-2017:1836-1

SUSE-SU-2017:1837-1

SUSE-SU-2017:1839-1

SUSE-SU-2017:2552-1

SUSE-SU-2017_1832-1

SUSE-SU-2017_1836-1

SUSE-SU-2017_1837-1

SUSE-SU-2017_1839-1

SUSE-SU-2017_2552-1

USN-3355-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Spice

PT-2017-3269 · Red Hat+4 · Spice+5

CVE-2017-7506

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 64