Vulnerability CVE-2019-3813: Information

Description

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-3813
Published: Feb. 4, 2019
Modified: April 26, 2022
Error type identifier: CWE-193

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
SPICEsisyphus0.14.2-alt10.15.2-alt3ALT-PU-2019-1972-1231199Fixed
SPICEp100.14.2-alt10.15.0-alt1ALT-PU-2019-1972-1231199Fixed
SPICEp90.14.2-alt10.15.0-alt1ALT-PU-2019-1989-1231442Fixed
SPICEc10f10.14.2-alt10.15.0-alt1ALT-PU-2019-1972-1231199Fixed
SPICEc9f20.14.2-alt10.15.0-alt1ALT-PU-2019-1989-1231442Fixed
SPICEp110.14.2-alt10.15.2-alt3ALT-PU-2019-1972-1231199Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1665371
  • Issue Tracking
  • Third Party Advisory
DSA-4375
  • Third Party Advisory
USN-3870-1
  • Third Party Advisory
[debian-lts-announce] 20190130 [SECURITY] [DLA 1649-1] spice security update
  • Mailing List
  • Third Party Advisory
RHSA-2019:0232
  • Third Party Advisory
RHSA-2019:0231
  • Third Party Advisory
106801
  • Broken Link
RHSA-2019:0457
  • Third Party Advisory
GLSA-202007-30
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*
      Start including
      0.5.2
      End including
      0.14.1

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top