5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Spice is vulnerable to denial of service. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
CPE | Name | Operator | Version |
---|---|---|---|
spice:3.10 | eq | 0.14.2-r0 | |
spice:3.13 | eq | 0.14.3-r0 | |
spice:3.12 | eq | 0.14.3-r0 | |
spice:3.11 | eq | 0.14.2-r1 | |
spice:edge | eq | 0.14.3-r0 | |
spice:3.14 | eq | 0.14.3-r0 |
blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
bugzilla.redhat.com/show_bug.cgi?id=1921846
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.10/main.yaml
secdb.alpinelinux.org/v3.11/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P