CVE-2018-10873

HIGH8.8EPSS 1.2%

spice - security update

發布日:2018/8/17修改日:2026/4/28

描述

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

受影響套件(6)

Alpine/spicefrom 0, < 0.14.1-r0
Debian/spicefrom 0, < 0.14.0-1.1
Debian/spicefrom 0, < 0.12.5-1+deb8u6
Debian/spicefrom 0, < 0.12.8-2.1+deb9u2
Debian/spice-gtkfrom 0, < 0.35-1
Debian/spice-gtkfrom 0, < 0.25-1+deb8u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-10873
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-10873