CVE-2016-9577
published 2018-07-27CVE-2016-9577: A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | spice | < spice 0.12.8-2.1 (bookworm) | spice 0.12.8-2.1 (bookworm) |
| red_hat | spice | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| spice_project | spice | < 0.13.90 | 0.13.90 |
| spice_project | spice | >= 0 < 0.12.8-2.1 | 0.12.8-2.1 |
| spice_project | spice | >= 0 < 0.12.8-2.1 | 0.12.8-2.1 |
| spice_project | spice | >= 0 < 0.12.8-2.1 | 0.12.8-2.1 |
| spice_project | spice | >= 0 < 0.12.8-2.1 | 0.12.8-2.1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH