CVE-2017-7506

CWE-119 — Buffer Overflow CWE-6819 documents8 sources

Severity

8.8HIGH

EPSS

0.9%

top 24.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Spice Project Spice Spice Project Spice

Timeline

PublishedJul 18

Latest updateMay 14

Description

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶Debianspice< 0.12.8-2.2+3

▶NVDspice_project/spice30 versions+29

▶CVEListV5the_spice_project/spiceall versions through 0.13

🔴Vulnerability Details

GHSA

GHSA-3pjw-h9v6-f5x8: spice versions though 0↗2022-05-14

▶

OSV

CVE-2017-7506: spice versions though 0↗2017-07-18

▶

CVEList

CVE-2017-7506: spice versions though 0↗2017-07-18

▶

📋Vendor Advisories

Ubuntu

Spice vulnerability↗2017-07-19

▶

Red Hat

spice: Possible buffer overflow via invalid monitor configurations↗2017-07-11

▶

Debian

CVE-2017-7506: spice - spice versions though 0.13 are vulnerable to out-of-bounds memory access when pr...↗2017

▶

💬Community

Bugzilla

CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations [fedora-all]↗2017-07-11

▶

Bugzilla

CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations↗2017-05-19

▶