Out-of-Bounds Read Vulnerability in Spice by Red Hat
CVE-2019-3813

7.5 HIGH

Key Information:

Vendor: Red Hat
Status
Vendor
CVE Published: 4 February 2019

Summary

Spice, software used to provide remote access to virtual machines, is affected by an out-of-bounds read caused by an off-by-one error in the function memslot_get_virt. The flaw can allow unauthorized attackers to cause a denial of service or potentially execute arbitrary code, posing significant risks to the confidentiality, integrity, and availability of affected systems.

Affected Version(s)

Spice versions 0.5.2 through 0.14.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
