CVE-2017-12194
published 2018-03-14
CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this…
Priority P3 · 59 · critical · 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.54% (91.9th percentile)
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | spice-gtk | < spice-gtk 0.35-1 (bookworm) | spice-gtk 0.35-1 (bookworm) |
| freedesktop.org | spice-gtk | — | — |
| spice-gtk_project | spice-gtk | <= 0.34 | — |
| spice-gtk_project | spice-gtk | >= 0 < 0.35-1 | 0.35-1 |
| spice-gtk_project | spice-gtk | >= 0 < 0.35-1 | 0.35-1 |
| spice-gtk_project | spice-gtk | >= 0 < 0.35-1 | 0.35-1 |
| spice-gtk_project | spice-gtk | >= 0 < 0.35-1 | 0.35-1 |
CVSS provenance
nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 9.8 CRITICAL
vendor_debian · 9.8 CRITICAL
vendor_redhat · 9.8 CRITICAL
GHSA
GHSA-r5rv-8pm6-w5ch: A flaw was found in the way spice-client processed certain messages sent from the server
ghsa_unreviewed·2022-05-14
CVE-2017-12194 [CRITICAL] CWE-20 GHSA-r5rv-8pm6-w5ch: A flaw was found in the way spice-client processed certain messages sent from the server
OSV
CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server
osv·2018-03-14·CVSS 9.8
CVE-2017-12194 [CRITICAL] CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server
Ubuntu
Spice vulnerability
vendor_ubuntu·2018-05-23
CVE-2017-12194 Spice vulnerability
Title: Spice vulnerability
Summary: Spice could be made to crash or run programs if it received specially crafted
network traffic.
Frediano Ziglio discovered that Spice incorrectly handled certain client
messages. An attacker could possibly use this to cause Spice to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Instructions: After a standard system update you need to restart qemu guests to make all the
necessary changes.
Red Hat
spice-gtk: Integer overflows causing buffer overflows in spice-client
vendor_redhat·2018-03-14·CVSS 9.8
CVE-2017-12194 [CRITICAL] CWE-121 spice-gtk: Integer overflows causing buffer overflows in spice-client
Package: spice-gtk (Red Hat Enterprise Linux 6) - Will not fix
Package: spice-gtk (Red Hat Enterprise Linux 7) - Will not fix
Package: spice-g
Debian
CVE-2017-12194: spice-gtk - A flaw was found in the way spice-client processed certain messages sent from th...
vendor_debian·2017·CVSS 9.8
CVE-2017-12194 [CRITICAL] CVE-2017-12194: spice-gtk - A flaw was found in the way spice-client processed certain messages sent from th...
Scope: local
bookworm: resolved (fixed in 0.35-1)
bullseye: resolved (fixed in 0.35-1)
forky: resolved (fixed in 0.35-1)
sid: resolved (fixed in 0.35-1)
trixie: resolved (fixed in 0.35-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-12194 spice-gtk: spice-gtk: Integer overflows causing buffer overflows in spice-client [fedora-all]
bugzilla·2018-03-14·CVSS 9.8
CVE-2017-12194 [CRITICAL] CVE-2017-12194 spice-gtk: spice-gtk: Integer overflows causing buffer overflows in spice-client [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affe
Bugzilla
CVE-2017-12194 spice-gtk: Integer overflows causing buffer overflows in spice-client
bugzilla·2017-10-12·CVSS 9.8
CVE-2017-12194 [CRITICAL] CVE-2017-12194 spice-gtk: Integer overflows causing buffer overflows in spice-client
When a spice-client connects to a malicious spice-server, it was possible to crash the client or execute arbitrary code with the permissions of the user running the client, when certain messages were sent from the server to the spice-client.
Discussion:
More details about this flaw are available in:
https://bugzilla.redhat.com/show_bug.cgi?id=1240165
---
Created spice-gtk tracking bugs for this issue:
Affects: fedora-all [bug 1555301]
http://www.securityfocus.com/bid/103413
https://bugzilla.redhat.com/show_bug.cgi?id=1501200
https://security.gentoo.org/glsa/201811-20
https://usn.ubuntu.com/3659-1/
Published: 2018-03-14