Lucene search

Veracode Vulnerability DatabaseVERACODE:11177

HistoryJan 15, 2019 - 8:58 a.m.

Denial Of Service (DoS)

2019-01-1508:58:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

spice-server is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.

CPENameOperatorVersion
spice-servereq0.8.2__5.el6
spice-servereq0.4.2__15.el6
spice-servereq0.8.0__1.el6
spice-servereq0.10.1__10.el6

Name	Operator	Version
spice-server	eq	0.8.2__5.el6
spice-server	eq	0.4.2__15.el6
spice-server	eq	0.8.0__1.el6
spice-server	eq	0.10.1__10.el6

References

cgit.freedesktop.org/spice/spice/commit/?id=53488f0275d6c8a121af49f7ac817d09ce68090d

rhn.redhat.com/errata/RHSA-2013-1260.html

seclists.org/oss-sec/2013/q3/115

www.debian.org/security/2014/dsa-2839

www.ubuntu.com/usn/USN-1926-1

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=984769

rhn.redhat.com/errata/RHSA-2013-1192.html

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:11177