CVE-2018-10893Heap-based Buffer Overflow in Spice-gtk

CWE-122Heap-based Buffer OverflowCWE-190Integer Overflow or Wraparound8 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 40.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Spice-gtk Project Spice-gtkDebian Spice-gtkRED HAT Spice-client
Timeline
PublishedSep 11
Latest updateMay 14

Description

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5red_hat/spice-clientn/a
debiandebian/spice-gtk< spice-gtk 0.37-1 (bookworm)
Debianspice-gtk_project/spice-gtk< 0.37-1+3

Patches

Patch: bugzilla.redhat.comPatch: lists.freedesktop.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-5jqv-xfc2-wmwv: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames2022-05-14
OSV
CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames2018-09-11

📋Vendor Advisories

2
Red Hat
spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows2018-06-25
Debian
CVE-2018-10893: spice-gtk - Multiple integer overflow and buffer overflow issues were discovered in spice-cl...2018

💬Community

3
Bugzilla
CVE-2018-10893 spice-gtk: spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows [fedora-all]2018-07-04
Bugzilla
CVE-2018-10893 mingw-spice-gtk: spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows [fedora-all]2018-07-04
Bugzilla
CVE-2018-10893 spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows2018-07-04