CVE-2018-10893
Description
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.366
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2018:2563-1 (SUSE Linux Enterprise Server 11-SP4) libspice-server1-0.12.4-15.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-client-glib-2_0-8-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-client-glib-2_0-8-debuginfo-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-client-glib-helper-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-client-glib-helper-debuginfo-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-client-gtk-3_0-5-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-client-gtk-3_0-5-debuginfo-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-controller0-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-controller0-debuginfo-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) spice-gtk-debuginfo-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) spice-gtk-debugsource-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) typelib-1_0-SpiceClientGlib-2_0-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2594-1 (SUSE Linux Enterprise Desktop 12-SP3) typelib-1_0-SpiceClientGtk-3_0-0.33-3.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2595-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-server1-0.12.8-6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2595-1 (SUSE Linux Enterprise Desktop 12-SP3) libspice-server1-debuginfo-0.12.8-6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2595-1 (SUSE Linux Enterprise Desktop 12-SP3) spice-debugsource-0.12.8-6.1.x86_64.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-glib-0.26-8.el6_10.2.i686.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-glib-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-glib-devel-0.26-8.el6_10.2.i686.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-glib-devel-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-gtk-0.26-8.el6_10.2.i686.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-gtk-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-gtk-devel-0.26-8.el6_10.2.i686.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-gtk-devel-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-gtk-python-0.26-8.el6_10.2.i686.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-gtk-python-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-gtk-tools-0.26-8.el6_10.2.i686.rpm | Linux |
| (RHSA-2020:0471) spice-gtk security update spice-gtk-tools-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-glib-0.26-8.el6_10.2.i686.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-glib-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-glib-devel-0.26-8.el6_10.2.i686.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-glib-devel-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-gtk-0.26-8.el6_10.2.i686.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-gtk-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-gtk-devel-0.26-8.el6_10.2.i686.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-gtk-devel-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-gtk-python-0.26-8.el6_10.2.i686.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-gtk-python-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-gtk-tools-0.26-8.el6_10.2.i686.rpm | Linux |
| (CESA-2020:0471) spice-gtk security update spice-gtk-tools-0.26-8.el6_10.2.x86_64.rpm | Linux |
| (RHSA-2019:2229) Moderate: security and bug fix update libgovirt-debuginfo-0.3.4-3.el7.i686.rpm | Linux |
| (RHSA-2019:2229) Moderate: security and bug fix update libgovirt-debuginfo-0.3.4-3.el7.x86_64.rpm | Linux |
| (RHSA-2019:2229) Moderate: security and bug fix update spice-gtk-debuginfo-0.35-4.el7.i686.rpm | Linux |
| (RHSA-2019:2229) Moderate: security and bug fix update spice-gtk-debuginfo-0.35-4.el7.x86_64.rpm | Linux |
| (RHSA-2019:2229) Moderate: security and bug fix update spice-vdagent-debuginfo-0.14.0-18.el7.x86_64.rpm | Linux |
| (RHSA-2019:2229) Moderate: security and bug fix update virt-viewer-debuginfo-5.0-15.el7.x86_64.rpm | Linux |
| Libgovirt update (ELSA-2019-2229) libgovirt-0.3.4-3.el7.i686.rpm | Linux |
| Libgovirt update (ELSA-2019-2229) libgovirt-0.3.4-3.el7.x86_64.rpm | Linux |
| Spice-glib update (ELSA-2019-2229) spice-glib-0.35-4.el7.i686.rpm | Linux |
| Spice-glib update (ELSA-2019-2229) spice-glib-0.35-4.el7.x86_64.rpm | Linux |
| Spice-gtk3 update (ELSA-2019-2229) spice-gtk3-0.35-4.el7.i686.rpm | Linux |
| Spice-gtk3 update (ELSA-2019-2229) spice-gtk3-0.35-4.el7.x86_64.rpm | Linux |
| Spice-vdagent update (ELSA-2019-2229) spice-vdagent-0.14.0-18.el7.x86_64.rpm | Linux |
| Virt-viewer update (ELSA-2019-2229) virt-viewer-5.0-15.el7.x86_64.rpm | Linux |
| spice-protocol Security Update (ALAS-2023-2219) spice-protocol-0.12.14-1.amzn2.noarch.rpm | Linux |
| libgovirt Security Update (ALAS-2023-2220) libgovirt-0.3.4-3.amzn2.i686.rpm | Linux |
| libgovirt Security Update (ALAS-2023-2220) libgovirt-0.3.4-3.amzn2.x86_64.rpm | Linux |
| libgovirt Security Update (ALAS-2023-2220) libgovirt-devel-0.3.4-3.amzn2.x86_64.rpm | Linux |
| libgovirt Security Update (ALAS2-2023-2220) libgovirt-0.3.4-3.amzn2.x86_64.rpm | Linux |
| libgovirt Security Update (ALAS2-2023-2220) libgovirt-0.3.4-3.amzn2.i686.rpm | Linux |
| libgovirt Security Update (ALAS2-2023-2220) libgovirt-devel-0.3.4-3.amzn2.x86_64.rpm | Linux |
| spice-protocol Security Update (ALAS2-2023-2219) spice-protocol-0.12.14-1.amzn2.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234