PT-2013-4863 · Red Hat+1 · Spice+2

Published

2013-07-15

Updated

2014-01-24

CVE-2013-4130

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions SPICE versions prior to 0.12.4

Description The issue is related to the red channel pipes add type and red channel pipes add empty msg functions in server/red channel.c. These functions do not properly perform ring loops, which might allow remote attackers to cause a denial of service by triggering a network error, leading to a reachable assertion and server exit.

Recommendations For versions prior to 0.12.4, update to version 0.12.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the red channel pipes add type and red channel pipes add empty msg functions until a patch is available.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CESA-2013_1192

CVE-2013-4130

DSA-2839-1

MGASA-2013-0255

RHSA-2013:1192

RHSA-2013:1260

RHSA-2013_1192

USN-1926-1

Affected Products

Centos

Red Hat

Spice

PT-2013-4863 · Red Hat+1 · Spice+2

CVE-2013-4130

Weakness Enumeration

Related Identifiers

Affected Products

References · 28