Lucene search

K

Veracode Vulnerability DatabaseVERACODE:30830

HistoryJun 05, 2021 - 6:37 p.m.

Denial Of Service (DoS)

2021-06-0518:37:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Spice is vulnerable to denial of service. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.

CPENameOperatorVersion
spice:3.10eq0.14.2-r0
spice:3.13eq0.14.3-r0
spice:3.12eq0.14.3-r0
spice:3.11eq0.14.2-r1
spice:edgeeq0.14.3-r0
spice:3.14eq0.14.3-r0

References

blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks

bugzilla.redhat.com/show_bug.cgi?id=1921846

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.10/main.yaml

secdb.alpinelinux.org/v3.11/main.yaml

secdb.alpinelinux.org/v3.12/main.yaml

secdb.alpinelinux.org/v3.13/main.yaml

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:30830

nessus18 openvas15 redhat3 rocky1 almalinux1 cve1 osv3 oraclelinux1 suse3 prion1 alpinelinux1 redhatcve1 mageia1 debiancve1 rosalinux1 ubuntucve1 gentoo1 archlinux1