Home

CVE-2020-25651

Description

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

Risk Information

Base Score
6.4
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L
EPSS Score
Exploitation Probability
0.115

Associated Vulnerability

VulnerabilityOS Platform
Spice agent for Linux (USN-4617-1) spice-vdagent_0.17.0-1ubuntu2.2_i386.debLinux
Spice agent for Linux (USN-4617-1) spice-vdagent_0.17.0-1ubuntu2.2_amd64.debLinux
Spice agent for Linux (USN-4617-1) spice-vdagent_0.19.0-2ubuntu0.2_amd64.debLinux
Spice agent for Linux (USN-4617-1) spice-vdagent_0.20.0-1ubuntu0.1_amd64.debLinux
(RHSA-2021:1791) spice-vdagent security and bug fix update spice-vdagent-0.20.0-3.el8.x86_64.rpmLinux
(RHSA-2021:1791) spice-vdagent security and bug fix update spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpmLinux
SUSE-SU-2021:2766-1(SUSE Linux Enterprise Server 12-SP5 ) spice-vdagent-0.16.0-8.8.2.x86_64.rpmLinux
SUSE-SU-2021:2766-1(SUSE Linux Enterprise Server 12-SP5 ) spice-vdagent-debuginfo-0.16.0-8.8.2.x86_64.rpmLinux
SUSE-SU-2021:2766-1(SUSE Linux Enterprise Server 12-SP5 ) spice-vdagent-debugsource-0.16.0-8.8.2.x86_64.rpmLinux
SUSE-SU-2021:2614-1(SUSE Linux Enterprise Module for Desktop Applications 15-SP3 ) spice-vdagent-0.21.0-3.3.1.x86_64.rpmLinux
SUSE-SU-2021:2614-1(SUSE Linux Enterprise Module for Desktop Applications 15-SP3 ) spice-vdagent-debuginfo-0.21.0-3.3.1.x86_64.rpmLinux
SUSE-SU-2021:2614-1(SUSE Linux Enterprise Module for Desktop Applications 15-SP3 ) spice-vdagent-debugsource-0.21.0-3.3.1.x86_64.rpmLinux
(RHSA-2021:1791)Moderate: security and bug fix update spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234