CVE-2016-9578

CWE-20 — Improper Input Validation CWE-770 — Allocation without Limits CWE-12868 documents8 sources

Severity

7.5HIGH

EPSS

3.3%

top 12.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spice Project Spice RED HAT Spice Debian Debian Linux +5 more

Timeline

PublishedJul 27

Latest updateMay 13

Description

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDspice_project/spice< 0.13.90

▶Debianspice< 0.12.8-2.1+3

▶CVEListV5red_hat/spice0.13.90

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

Also affects: Debian Linux 8.0, Enterprise Linux 7.3, 7.4, 7.5

🔴Vulnerability Details

GHSA

GHSA-9m3r-8p8r-j38x: A vulnerability was discovered in SPICE before 0↗2022-05-13

▶

CVEList

CVE-2016-9578: A vulnerability was discovered in SPICE before 0↗2018-07-27

▶

OSV

CVE-2016-9578: A vulnerability was discovered in SPICE before 0↗2018-07-27

▶

📋Vendor Advisories

Ubuntu

Spice vulnerabilities↗2017-02-20

▶

Red Hat

spice: Remote DoS via crafted message↗2017-02-06

▶

Debian

CVE-2016-9578: spice - A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol ...↗2016

▶

💬Community

Bugzilla

CVE-2016-9578 spice: Remote DoS via crafted message↗2016-11-29

▶