Bug #9307

Bug #9305: spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)

[3.8] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)

Added by Alicha CH 10 months ago. Updated 8 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 08/21/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other impacts.

References:

http://openwall.com/lists/oss-security/2018/08/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10873

Patch:

https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c


Related issues

Copied from Alpine Linux - Bug #9305: spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873), Closed, 08/21/2018

Associated revisions

Revision 03fec458 (diff)
Added by Leonardo Arena 8 months ago

main/spice: security upgrade to 0.14.1 (CVE-2018-10873)

Fixes #9307

History

#1 Updated by Alicha CH 10 months ago

  • Copied from Bug #9305: spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) added

#3 Updated by Natanael Copa 10 months ago

  • Target version changed from 3.8.1 to 3.8.2

#4 Updated by Anonymous 8 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#5 Updated by Alicha CH 8 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-10873)
