CVE-2021-20201 – spice: Client initiated renegotiation denial of service
https://notcve.org/view.php?id=CVE-2021-20201
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Se encontró un fallo en spice en versiones anteriores a 0.14.92. Una herramienta DoS podría facilitar a atacantes remotos causar una denegación de servicio (consumo de CPU) al llevar a cabo muchas renegociaciones dentro de una sola conexión A flaw was found in spice. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. • https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks https://bugzilla.redhat.com/show_bug.cgi?id=1921846 https://security.gentoo.org/glsa/202208-10 https://access.redhat.com/security/cve/CVE-2021-20201 • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-14355 – spice: multiple buffer overflow vulnerabilities in QUIC decoding code
https://notcve.org/view.php?id=CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. Se encontraron múltiples vulnerabilidades de desbordamiento de búfer en el proceso de decodificación de imágenes QUIC del sistema de visualización remota SPICE, versiones anteriores a spice-0.14.2-1. Tanto el cliente SPICE (spice-gtk) como el servidor están afectados por estos defectos. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=1868435 https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html https://usn.ubuntu.com/4572-1 https://usn.ubuntu.com/4572-2 https://www.debian.org/security/2020/dsa-4771 https://www.openwall.com/lists/oss • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-3813 – spice: Off-by-one error in array access in spice/server/memslot.c
https://notcve.org/view.php?id=CVE-2019-3813
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. Spice, desde la versión 0.5.2 hasta la 0.14.1, son vulnerables a una lectura fuera de límites debido a un error por un paso en memslot_get_virt. Esto podría conducir a una denegación de servicio (DoS) o, en el peor de los casos, la ejecución de código por parte de atacantes no autenticados. • http://www.securityfocus.com/bid/106801 https://access.redhat.com/errata/RHSA-2019:0231 https://access.redhat.com/errata/RHSA-2019:0232 https://access.redhat.com/errata/RHSA-2019:0457 https://bugzilla.redhat.com/show_bug.cgi?id=1665371 https://lists.debian.org/debian-lts-announce/2019/01/msg00026.html https://security.gentoo.org/glsa/202007-30 https://usn.ubuntu.com/3870-1 https://www.debian.org/security/2019/dsa-4375 https://access.redhat.com/security/cve/CVE-2 • CWE-193: Off-by-one Error •
CVE-2018-10893 – spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows
https://notcve.org/view.php?id=CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. Se han descubierto múltiples problemas de desbordamiento de enteros y desbordamiento de búfer en el manejo de spice-client de los frames comprimidos LZ. Un servidor malicioso podría provocar que el cliente se cierre inesperadamente o ejecute código arbitrario. • https://access.redhat.com/errata/RHSA-2019:2229 https://access.redhat.com/errata/RHSA-2020:0471 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893 https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html https://access.redhat.com/security/cve/CVE-2018-10893 https://bugzilla.redhat.com/show_bug.cgi?id=1598234 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVE-2018-10873 – spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service
https://notcve.org/view.php?id=CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.14.1 en la que el código generado utilizado para deserializar mensajes carecía de comprobaciones de límites suficientes. Un cliente o servidor malicioso, después de la autenticación, podría enviar mensajes especialmente manipulados a su peer, lo que resultaría en un cierre inesperado o, potencialmente, otros impactos. A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks. • http://www.securityfocus.com/bid/105152 https://access.redhat.com/errata/RHSA-2018:2731 https://access.redhat.com/errata/RHSA-2018:2732 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873 https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html https://lists.debi • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •