UbuntuUSN-4572-1Spice vulnerability
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
7.2 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.5%
Releases
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- spice - SPICE protocol client and server library
Details
Frediano Ziglio discovered that Spice incorrectly handled QUIC image
decoding. A remote attacker could use this to cause Spice to crash,
resulting in a denial of service, or possibly execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 20.04 | noarch | libspice-server1 | < 0.14.2-4ubuntu3.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libspice-server-dev | < 0.14.2-4ubuntu3.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libspice-server1-dbgsym | < 0.14.2-4ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libspice-server1 | < 0.14.0-1ubuntu2.5 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libspice-server-dev | < 0.14.0-1ubuntu2.5 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libspice-server1-dbgsym | < 0.14.0-1ubuntu2.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libspice-server1 | < 0.12.6-4ubuntu0.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libspice-server-dev | < 0.12.6-4ubuntu0.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libspice-server-dev-dbgsym | < 0.12.6-4ubuntu0.5 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libspice-server1-dbg | < 0.12.6-4ubuntu0.5 | UNKNOWN |
References
Related
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
7.2 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.5%