CVE-2018-10893
Published 2018-09-11
Priority P3 · 47 · high · 8.8 (CVSS 3.0)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.36% (81.7th percentile)
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | spice-gtk | < spice-gtk 0.37-1 (bookworm) | spice-gtk 0.37-1 (bookworm) |
| red_hat | spice-client | — | — |
| spice-gtk_project | spice-gtk | >= 0 < 0.37-1 | 0.37-1 |
| spice-gtk_project | spice-gtk | >= 0 < 0.37-1 | 0.37-1 |
| spice-gtk_project | spice-gtk | >= 0 < 0.37-1 | 0.37-1 |
| spice-gtk_project | spice-gtk | >= 0 < 0.37-1 | 0.37-1 |
CVSS provenance
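| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 7.6 | HIGH | — |
| vendor_redhat | — | 7.6 | HIGH | — |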
GHSA
GHSA-5jqv-xfc2-wmwv: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames
ghsa_unreviewed·2022-05-14
CVE-2018-10893 [HIGH] CWE-190
OSV
CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames
osv·2018-09-11·CVSS 8.8
CVE-2018-10893 [HIGH]
Red Hat
spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows
vendor_redhat·2018-06-25·CVSS 7.6
CVE-2018-10893 [HIGH] CWE-190
Package: spice-client (Red Hat Enterprise Linux 6) - Will not fix
Package: spice-gtk (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-10893: spice-gtk - Multiple integer overflow and buffer overflow issues were discovered in spice-cl...
vendor_debian·2018·CVSS 7.6
CVE-2018-10893 [HIGH]
Scope: local
bookworm: resolved (fixed in 0.37-1)
bullseye: resolved (fixed in 0.37-1)
forky: resolved (fixed in 0.37-1)
sid: resolved (fixed in 0.37-1)
trixie: resolved (fixed in 0.37-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-10893 spice-gtk: spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows [fedora-all]
bugzilla·2018-07-04·CVSS 7.6
CVE-2018-10893 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit messag
Bugzilla
CVE-2018-10893 mingw-spice-gtk: spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows [fedora-all]
bugzilla·2018-07-04·CVSS 7.6
CVE-2018-10893 [HIGH]
Bugzilla
CVE-2018-10893 spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows
bugzilla·2018-07-04·CVSS 7.6
CVE-2018-10893 [HIGH]
A flaw was found in spice-client. An improper check on LZ images sent by the server could lead to integer/buffer overflows on the client.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1594904
Discussion:
Created mingw-spice-gtk tracking bugs for this issue:
Affects: fedora-all [bug 1598236]
Created spice-gtk tracking bugs for this issue:
Affects: fedora-all [bug 1598235]
---
Hi Laura
Since the Red Hat reference is not accessible, are there any details available for this issue? Is the issue addressed already?
Regards,
Salvatore
---
Acknowledgments:
Name: Frediano Ziglio (Red Hat)
---
Created attachment 1459094
First patch
---
Created attachment 145909
https://access.redhat.com/errata/RHSA-2019:2229
https://access.redhat.com/errata/RHSA-2020:0471
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893
https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html
Published 2018-09-11