CVE-2020-25651

spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map

Severity Score

6.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.

Se encontró un fallo en el protocolo de transferencia de archivos SPICE. Los datos de archivo del sistema host pueden terminar en su totalidad o en partes en la conexión del cliente de un usuario local ilegítimo en el sistema de la VM. Las transferencias de archivos activas de otros usuarios también podrían ser interrumpidas, resultando en una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad del sistema. Este fallo afecta a spice-vdagent versiones 0.20 y anteriores

A flaw was found in the SPICE file transfer protocol. File data from the host system can partially or fully end up in the client connection of an unauthorized local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to confidentiality as well as system availability.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-09-16 CVE Reserved
2020-11-04 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (6)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html	Mailing List

URL	Date	SRC
https://www.openwall.com/lists/oss-security/2020/11/04/1	2024-08-04

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1886359	2021-05-18

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-25651	2021-05-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Spice-space Search vendor "Spice-space"		Spice-vdagent Search vendor "Spice-space" for product "Spice-vdagent"				<= 0.20.0 Search vendor "Spice-space" for product "Spice-vdagent" and version " <= 0.20.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				32 Search vendor "Fedoraproject" for product "Fedora" and version "32"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected