Bug #9305

spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)

Added by Alicha CH 9 months ago. Updated 7 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version: -
Start date: 08/21/2018
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs:

Description

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other impacts.

References:

http://openwall.com/lists/oss-security/2018/08/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10873

Patch:

https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c


Subtasks

Bug #9306: [3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - Natanael Copa

Bug #9307: [3.8] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - Natanael Copa

Bug #9308: [3.7] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - Natanael Copa

Bug #9309: [3.6] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - Natanael Copa

Bug #9313: [3.5] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - Natanael Copa


Related issues

Copied to Alpine Linux - Bug #9306: [3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - 08/21/2018

Copied to Alpine Linux - Bug #9307: [3.8] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - 08/21/2018

Copied to Alpine Linux - Bug #9308: [3.7] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - 08/21/2018

Copied to Alpine Linux - Bug #9309: [3.6] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - 08/21/2018

Copied to Alpine Linux - Bug #9313: [3.5] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) - Closed - 08/21/2018

History

#1 Updated by Alicha CH 9 months ago

  • Copied to Bug #9306: [3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) added

#2 Updated by Alicha CH 9 months ago

  • Copied to Bug #9307: [3.8] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) added

#3 Updated by Alicha CH 9 months ago

  • Copied to Bug #9308: [3.7] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) added

#4 Updated by Alicha CH 9 months ago

  • Copied to Bug #9309: [3.6] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) added

#5 Updated by Alicha CH 9 months ago

  • Copied to Bug #9313: [3.5] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) added

#6 Updated by Leonardo Arena 7 months ago

  • Status changed from New to Resolved

#7 Updated by Alicha CH 7 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-10873)
