[3.8] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other
impacts.
References:
http://openwall.com/lists/oss-security/2018/08/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10873
Patch:
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
(from redmine: issue id 9307, created on 2018-08-21, closed on 2018-11-08)
- Relations:
- copied_to #9305 (closed)
- parent #9305 (closed)
- Changesets:
- Revision 03fec458 on 2018-11-07T13:47:26Z:
main/spice: security upgrade to 0.14.1 (CVE-2018-10873)
Fixes #9307