CVE-2020-14355

Description

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.

Risk Information

Base Score: 6.6 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
EPSS Score (Exploitation Probability): 1.111

Associated Vulnerability

Vulnerability | OS Platform
SPICE protocol client and server library (USN-4572-1) libspice-server1_0.12.6-4ubuntu0.5_i386.deb | Linux
SPICE protocol client and server library (USN-4572-1) libspice-server1_0.12.6-4ubuntu0.5_amd64.deb | Linux
SPICE protocol client and server library (USN-4572-1) libspice-server1_0.14.0-1ubuntu2.5_i386.deb | Linux
SPICE protocol client and server library (USN-4572-1) libspice-server1_0.14.0-1ubuntu2.5_amd64.deb | Linux
SPICE protocol client and server library (USN-4572-1) libspice-server1_0.14.2-4ubuntu3.1_amd64.deb | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-debugsource-0.14.2-1.el8_2.1.i686.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-debugsource-0.14.2-1.el8_2.1.x86_64.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-glib-0.37-1.el8_2.2.i686.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-glib-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-glib-devel-0.37-1.el8_2.2.i686.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-glib-devel-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-gtk-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-gtk-debugsource-0.37-1.el8_2.2.i686.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-gtk-debugsource-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-gtk-tools-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-gtk3-0.37-1.el8_2.2.i686.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-gtk3-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-gtk3-devel-0.37-1.el8_2.2.i686.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-gtk3-devel-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-gtk3-vala-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-server-0.14.2-1.el8_2.1.i686.rpm | Linux
(RHSA-2020:4186) spice and spice-gtk security update spice-server-0.14.2-1.el8_2.1.x86_64.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-glib-0.35-5.el7_9.1.i686.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-glib-0.35-5.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-glib-devel-0.35-5.el7_9.1.i686.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-glib-devel-0.35-5.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-gtk-tools-0.35-5.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-gtk3-0.35-5.el7_9.1.i686.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-gtk3-0.35-5.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-gtk3-devel-0.35-5.el7_9.1.i686.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-gtk3-devel-0.35-5.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-gtk3-vala-0.35-5.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-server-0.14.0-9.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:4187) spice and spice-gtk security update spice-server-devel-0.14.0-9.el7_9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) libspice-client-glib-2_0-8-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) libspice-client-glib-helper-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) libspice-client-glib-helper-debuginfo-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) libspice-client-gtk-3_0-5-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) libspice-controller0-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) libspice-controller0-debuginfo-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) spice-gtk-debuginfo-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) spice-gtk-debugsource-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3085-1 (SUSE Linux Enterprise Server 12-SP5) typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1.x86_64.rpm | Linux
Spice-glib update (ELSA-2020-4187) spice-glib-0.35-5.el7_9.1.x86_64.rpm | Linux
Spice-glib-devel update (ELSA-2020-4187) spice-glib-devel-0.35-5.el7_9.1.x86_64.rpm | Linux
Spice-gtk-tools update (ELSA-2020-4187) spice-gtk-tools-0.35-5.el7_9.1.x86_64.rpm | Linux
Spice-gtk3 update (ELSA-2020-4187) spice-gtk3-0.35-5.el7_9.1.x86_64.rpm | Linux
Spice-gtk3-devel update (ELSA-2020-4187) spice-gtk3-devel-0.35-5.el7_9.1.x86_64.rpm | Linux
Spice-gtk3-vala update (ELSA-2020-4187) spice-gtk3-vala-0.35-5.el7_9.1.x86_64.rpm | Linux
Spice-server update (ELSA-2020-4187) spice-server-0.14.0-9.el7_9.1.x86_64.rpm | Linux
Spice-server-devel update (ELSA-2020-4187) spice-server-devel-0.14.0-9.el7_9.1.x86_64.rpm | Linux
Spice-glib update (ELSA-2020-4187) spice-glib-0.35-5.el7_9.1.i686.rpm | Linux
Spice-glib-devel update (ELSA-2020-4187) spice-glib-devel-0.35-5.el7_9.1.i686.rpm | Linux
Spice-gtk3 update (ELSA-2020-4187) spice-gtk3-0.35-5.el7_9.1.i686.rpm | Linux
Spice-gtk3-devel update (ELSA-2020-4187) spice-gtk3-devel-0.35-5.el7_9.1.i686.rpm | Linux
(CESA-2020:4187) spice and spice-gtk security update spice-glib-0.35-5.el7_9.1.x86_64.rpm | Linux
(CESA-2020:4187) spice and spice-gtk security update spice-glib-devel-0.35-5.el7_9.1.x86_64.rpm | Linux
(CESA-2020:4187) spice and spice-gtk security update spice-gtk-tools-0.35-5.el7_9.1.x86_64.rpm | Linux
(CESA-2020:4187) spice and spice-gtk security update spice-gtk3-0.35-5.el7_9.1.x86_64.rpm | Linux
(CESA-2020:4187) spice and spice-gtk security update spice-gtk3-devel-0.35-5.el7_9.1.x86_64.rpm | Linux
(CESA-2020:4187) spice and spice-gtk security update spice-gtk3-vala-0.35-5.el7_9.1.x86_64.rpm | Linux
(CESA-2020:4187) spice and spice-gtk security update spice-server-0.14.0-9.el7_9.1.x86_64.rpm | Linux
(CESA-2020:4187) spice and spice-gtk security update spice-server-devel-0.14.0-9.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-glib-debuginfo-0.37-1.el8_2.2.i686.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-glib-debuginfo-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-gtk-debuginfo-0.37-1.el8_2.2.i686.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-gtk-debuginfo-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-gtk-tools-debuginfo-0.37-1.el8_2.2.i686.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-gtk-tools-debuginfo-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-gtk3-debuginfo-0.37-1.el8_2.2.i686.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-gtk3-debuginfo-0.37-1.el8_2.2.x86_64.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-server-debuginfo-0.14.2-1.el8_2.1.i686.rpm | Linux
(RHSA-2020:4186) Important: spice and spice-gtk security update spice-server-debuginfo-0.14.2-1.el8_2.1.x86_64.rpm | Linux
(RHSA-2020:4187) Important: spice and spice-gtk security update spice-debuginfo-0.14.0-9.el7_9.1.x86_64.rpm | Linux
(RHSA-2020:4187) Important: spice and spice-gtk security update spice-gtk-debuginfo-0.35-5.el7_9.1.i686.rpm | Linux
(RHSA-2020:4187) Important: spice and spice-gtk security update spice-gtk-debuginfo-0.35-5.el7_9.1.x86_64.rpm | Linux
Spice-glib update (ELSA-2020-4186) spice-glib-0.37-1.el8_2.2.i686.rpm | Linux
Spice-glib update (ELSA-2020-4186) spice-glib-0.37-1.el8_2.2.x86_64.rpm | Linux
Spice-glib-devel update (ELSA-2020-4186) spice-glib-devel-0.37-1.el8_2.2.i686.rpm | Linux
Spice-glib-devel update (ELSA-2020-4186) spice-glib-devel-0.37-1.el8_2.2.x86_64.rpm | Linux
Spice-gtk update (ELSA-2020-4186) spice-gtk-0.37-1.el8_2.2.x86_64.rpm | Linux
Spice-gtk-tools update (ELSA-2020-4186) spice-gtk-tools-0.37-1.el8_2.2.x86_64.rpm | Linux
Spice-gtk3 update (ELSA-2020-4186) spice-gtk3-0.37-1.el8_2.2.i686.rpm | Linux
Spice-gtk3 update (ELSA-2020-4186) spice-gtk3-0.37-1.el8_2.2.x86_64.rpm | Linux
Spice-gtk3-devel update (ELSA-2020-4186) spice-gtk3-devel-0.37-1.el8_2.2.i686.rpm | Linux
Spice-gtk3-devel update (ELSA-2020-4186) spice-gtk3-devel-0.37-1.el8_2.2.x86_64.rpm | Linux
Spice-gtk3-vala update (ELSA-2020-4186) spice-gtk3-vala-0.37-1.el8_2.2.x86_64.rpm | Linux
Spice-server update (ELSA-2020-4186) spice-server-0.14.2-1.el8_2.1.i686.rpm | Linux
Spice-server update (ELSA-2020-4186) spice-server-0.14.2-1.el8_2.1.x86_64.rpm | Linux
spice-gtk Security Update (ALAS-2020-1546) spice-glib-0.35-5.amzn2.1.i686.rpm | Linux
spice-gtk Security Update (ALAS-2020-1546) spice-glib-0.35-5.amzn2.1.x86_64.rpm | Linux
spice-gtk Security Update (ALAS-2020-1546) spice-gtk3-0.35-5.amzn2.1.i686.rpm | Linux
spice-gtk Security Update (ALAS-2020-1546) spice-gtk3-0.35-5.amzn2.1.x86_64.rpm | Linux
spice-gtk Security Update (ALAS-2020-1546) spice-gtk-tools-0.35-5.amzn2.1.x86_64.rpm | Linux
spice-gtk Security Update (ALAS-2020-1546) spice-gtk3-vala-0.35-5.amzn2.1.x86_64.rpm | Linux
spice-gtk Security Update (ALAS-2020-1546) spice-glib-devel-0.35-5.amzn2.1.x86_64.rpm | Linux
spice-gtk Security Update (ALAS-2020-1546) spice-gtk3-devel-0.35-5.amzn2.1.x86_64.rpm | Linux
spice Security Update (ALAS-2020-1547) spice-server-0.14.0-9.amzn2.1.x86_64.rpm | Linux
spice Security Update (ALAS-2020-1547) spice-server-devel-0.14.0-9.amzn2.1.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234