Home

CVE-2018-10873

Description

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.27

Associated Vulnerability

VulnerabilityOS Platform
Spice-gtk security update (CESA-2018:2732) spice-gtk-0.26-8.el6_10.1.i686.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-gtk-0.26-8.el6_10.1.x86_64.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-glib-0.26-8.el6_10.1.i686.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-glib-0.26-8.el6_10.1.x86_64.rpmLinux
Spice-server security update (CESA-2018:2732) spice-server-0.12.4-16.el6_10.1.x86_64.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-gtk-devel-0.26-8.el6_10.1.i686.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-gtk-devel-0.26-8.el6_10.1.x86_64.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-gtk-tools-0.26-8.el6_10.1.i686.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-gtk-tools-0.26-8.el6_10.1.x86_64.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-glib-devel-0.26-8.el6_10.1.i686.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-glib-devel-0.26-8.el6_10.1.x86_64.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-gtk-python-0.26-8.el6_10.1.i686.rpmLinux
Spice-gtk security update (CESA-2018:2732) spice-gtk-python-0.26-8.el6_10.1.x86_64.rpmLinux
Spice-server security update (CESA-2018:2732) spice-server-devel-0.12.4-16.el6_10.1.x86_64.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-glib-0.34-3.el7_5.2.i686.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-glib-0.34-3.el7_5.2.x86_64.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-glib-devel-0.34-3.el7_5.2.i686.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-glib-devel-0.34-3.el7_5.2.x86_64.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-gtk-tools-0.34-3.el7_5.2.x86_64.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-gtk3-0.34-3.el7_5.2.i686.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-gtk3-0.34-3.el7_5.2.x86_64.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-gtk3-devel-0.34-3.el7_5.2.i686.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-gtk3-devel-0.34-3.el7_5.2.x86_64.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-gtk3-vala-0.34-3.el7_5.2.x86_64.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-server-0.14.0-2.el7_5.5.x86_64.rpmLinux
(RHSA-2018:2731) spice and spice-gtk security update spice-server-devel-0.14.0-2.el7_5.5.x86_64.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-glib-0.26-8.el6_10.1.i686.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-glib-0.26-8.el6_10.1.x86_64.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-glib-devel-0.26-8.el6_10.1.i686.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-glib-devel-0.26-8.el6_10.1.x86_64.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-gtk-0.26-8.el6_10.1.i686.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-gtk-0.26-8.el6_10.1.x86_64.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-gtk-devel-0.26-8.el6_10.1.i686.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-gtk-devel-0.26-8.el6_10.1.x86_64.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-gtk-python-0.26-8.el6_10.1.i686.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-gtk-python-0.26-8.el6_10.1.x86_64.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-gtk-tools-0.26-8.el6_10.1.i686.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-gtk-tools-0.26-8.el6_10.1.x86_64.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-server-0.12.4-16.el6_10.1.x86_64.rpmLinux
(RHSA-2018:2732) spice-gtk and spice-server security update spice-server-devel-0.12.4-16.el6_10.1.x86_64.rpmLinux
SUSE-SU-2018:2563-1(SUSE Linux Enterprise Server 11-SP4 ) libspice-server1-0.12.4-15.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-client-glib-2_0-8-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-client-glib-2_0-8-debuginfo-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-client-glib-helper-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-client-glib-helper-debuginfo-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-client-gtk-3_0-5-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-client-gtk-3_0-5-debuginfo-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-controller0-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-controller0-debuginfo-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) spice-gtk-debuginfo-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) spice-gtk-debugsource-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) typelib-1_0-SpiceClientGlib-2_0-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2594-1(SUSE Linux Enterprise Desktop 12-SP3 ) typelib-1_0-SpiceClientGtk-3_0-0.33-3.6.1.x86_64.rpmLinux
SUSE-SU-2018:2595-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-server1-0.12.8-6.1.x86_64.rpmLinux
SUSE-SU-2018:2595-1(SUSE Linux Enterprise Desktop 12-SP3 ) libspice-server1-debuginfo-0.12.8-6.1.x86_64.rpmLinux
SUSE-SU-2018:2595-1(SUSE Linux Enterprise Desktop 12-SP3 ) spice-debugsource-0.12.8-6.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234