CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-20201 – spice: Client initiated renegotiation denial of service
https://notcve.org/view.php?id=CVE-2021-20201
19 May 2021 — A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Se encontró un fallo en spice en versiones anteriores a 0.14.92. Una herramienta DoS podría facilitar a atacantes remotos causar una denegación de servicio (consumo de CPU) al llevar a cabo muchas renegociaciones dentro de una sola conexión A flaw was found in spice. A DoS tool might make i... • https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.6EPSS: 1%CPEs: 15EXPL: 0CVE-2020-14355 – spice: multiple buffer overflow vulnerabilities in QUIC decoding code
https://notcve.org/view.php?id=CVE-2020-14355
06 Oct 2020 — Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. Se encontraron múltiples vulnerabilidades de desbordamiento de búfer en el proceso de decodif... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.0EPSS: 0%CPEs: 16EXPL: 0CVE-2019-3813 – spice: Off-by-one error in array access in spice/server/memslot.c
https://notcve.org/view.php?id=CVE-2019-3813
29 Jan 2019 — Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. Spice, desde la versión 0.5.2 hasta la 0.14.1, son vulnerables a una lectura fuera de límites debido a un error por un paso en memslot_get_virt. Esto podría conducir a una denegación de servicio (DoS) o, en el peor de los casos, la ejecución de código por parte de atacantes no au... • http://www.securityfocus.com/bid/106801 • CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10893 – spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows
https://notcve.org/view.php?id=CVE-2018-10893
11 Sep 2018 — Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. Se han descubierto múltiples problemas de desbordamiento de enteros y desbordamiento de búfer en el manejo de spice-client de los frames comprimidos LZ. Un servidor malicioso podría provocar que el cliente se cierre inesperadamente o ejecute código arbitrario. The spice-gtk packages provide a GIMP ... • https://access.redhat.com/errata/RHSA-2019:2229 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-10873 – spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service
https://notcve.org/view.php?id=CVE-2018-10873
17 Aug 2018 — A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.14.1 en la que el código generado utilizado para deserializar mensajes carecía de comprobaciones de límites suficientes... • http://www.securityfocus.com/bid/105152 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 15%CPEs: 1EXPL: 0CVE-2017-12194 – Gentoo Linux Security Advisory 201811-20
https://notcve.org/view.php?id=CVE-2017-12194
14 Mar 2018 — A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. >Se ha encontrado un error en la forma en la que spice-client procesaba ciertos mensajes enviados desde el servidor. Un atacante con control del spice-server malicioso podría emplear este e... • http://www.securityfocus.com/bid/103413 • CWE-20: Improper Input Validation CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 1%CPEs: 30EXPL: 0CVE-2017-7506 – spice: Possible buffer overflow via invalid monitor configurations
https://notcve.org/view.php?id=CVE-2017-7506
18 Jul 2017 — spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. Spice versiones hasta 0.13, son vulnerables al acceso a la memoria fuera de límites al procesar mensajes especialmente creados desde el atacante autenticado hasta el servidor de Spice, resultando en un bloqueo y/o pérdida de memoria del servidor. A vulnerability was discovered in spice server's prot... • http://www.debian.org/security/2017/dsa-3907 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 37EXPL: 0CVE-2016-3066
https://notcve.org/view.php?id=CVE-2016-3066
06 Jun 2017 — The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. El widget spice-gtk permite a los usuarios autorizados obtener de forma remota información del portapapeles del host. • https://bugzilla.redhat.com/show_bug.cgi?id=1320263 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 5%CPEs: 13EXPL: 0CVE-2016-9577 – spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages
https://notcve.org/view.php?id=CVE-2016-9577
06 Feb 2017 — A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.13.90 en el manejo del protocolo del servidor. Un atacante autenticado podría enviar mensajes al servidor SPICE provocando un desbordamiento de memoria dinámica (heap) que provocaría un cierre inesper... • http://rhn.redhat.com/errata/RHSA-2017-0253.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 3%CPEs: 13EXPL: 0CVE-2016-9578 – spice: Remote DoS via crafted message
https://notcve.org/view.php?id=CVE-2016-9578
06 Feb 2017 — A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. Se ha descubierto una vulnerabilidad en SPICE en versiones anteriores a la 0.13.90 en el manejo del protocolo del servidor. Un atacante capaz de conectarse al servidor de SPICE podría enviar mensajes manipulados que podría provocar el cierre inesperado del proceso. A vulnerability was discovered in SPICE ... • http://rhn.redhat.com/errata/RHSA-2017-0253.html • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •