SPICE Server Protocol Handling Vulnerability in Red Hat Products
CVE-2016-9578

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Spice
Vendor: CVE Published:; 27 July 2018

🔔 Create Red Hat Vulnerability Alert

What is CVE-2016-9578?

A vulnerability in the SPICE server's protocol handling allows an attacker who connects to the server to send specially crafted messages. This can result in the server process crashing, potentially disrupting services and exposing systems to further risks. Users are advised to upgrade to patched versions to mitigate this issue.

Affected Version(s)

spice 0.13.90

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2017:0552

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2017:0254

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Nov 23, 2016

.