PT-2018-3720 · Red Hat+2 · Spice-Client+3

Frediano Ziglio

Publicado

2018-07-20

Atualizado

2024-06-15

CVE-2018-10893

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions spice-client (affected versions not specified)

Description The issue is related to integer overflow in the spice-client software for remote access. It may allow a remote attacker to gain access to confidential information or cause a denial of service. Additionally, multiple integer overflow and buffer overflow issues were found in the handling of LZ compressed frames, which could cause the client to crash or potentially execute arbitrary code if a malicious server is involved.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Heap Based Buffer Overflow

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-122CWE-190

Identificadores relacionados

BDU:2021-03769

CESA-2019_2229

CESA-2020_0471

CVE-2018-10893

MGASA-2019-0099

MGASA-2019-0100

OPENSUSE-SU-2018_2598-1

OPENSUSE-SU-2018_2601-1

OPENSUSE-SU-2018_2602-1

OPENSUSE-SU-2018_2730-1

OPENSUSE-SU-2024:11397-1

OPENSUSE-SU-2024:11398-1

RHSA-2019:2229

RHSA-2019_2229

RHSA-2020:0471

RHSA-2020_0471

SUSE-SU-2018:2563-1

SUSE-SU-2018:2566-1

SUSE-SU-2018:2584-1

SUSE-SU-2018:2593-1

SUSE-SU-2018:2594-1

SUSE-SU-2018:2595-1

SUSE-SU-2018:2709-1

SUSE-SU-2020:3841-1

SUSE-SU-2020:3842-1

Produtos afetados

Centos

Red Hat

Suse

Spice-Client

PT-2018-3720 · Red Hat+2 · Spice-Client+3

CVE-2018-10893

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 60