Lucene search

K

[email protected]NVD:CVE-2018-10873

HistoryAug 17, 2018 - 12:29 p.m.

CVE-2018-10873

2018-08-1712:29:00

CWE-20

CWE-119

[email protected]

web.nvd.nist.gov

1

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

Affected configurations

NVD

Node

spice_projectspiceRange<0.14.1

Node

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch16.04lts

OR

canonicalubuntu_linuxMatch18.04lts

Node

redhatvirtualizationMatch4.0

OR

redhatvirtualization_hostMatch4.0

OR

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_server_ausMatch7.6

OR

redhatenterprise_linux_server_eusMatch7.5

OR

redhatenterprise_linux_server_eusMatch7.6

OR

redhatenterprise_linux_server_tusMatch7.6

OR

redhatenterprise_linux_workstationMatch6.0

OR

redhatenterprise_linux_workstationMatch7.0

References

www.securityfocus.com/bid/105152

access.redhat.com/errata/RHSA-2018:2731

access.redhat.com/errata/RHSA-2018:2732

access.redhat.com/errata/RHSA-2018:3470

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873

gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c

lists.debian.org/debian-lts-announce/2018/08/msg00035.html

lists.debian.org/debian-lts-announce/2018/08/msg00037.html

lists.debian.org/debian-lts-announce/2018/08/msg00038.html

usn.ubuntu.com/3751-1/

www.debian.org/security/2018/dsa-4319

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

Related for NVD:CVE-2018-10873

openvas31 debian5 nessus37 debiancve1 ubuntucve1 centos2 osv4 ubuntu1 veracode2 cve1 prion1 redhat3 cvelist1 oraclelinux2 redhatcve1 altlinux1 alpinelinux1 ibm2 suse4 mageia2