Vulnerability CVE-2016-9577: Information

Description

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-9577
Published: July 27, 2018
Modified: Nov. 7, 2023
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
SPICEsisyphus0.13.90-alt10.15.2-alt3ALT-PU-2017-2174-1187863Fixed
SPICEp100.13.90-alt10.15.0-alt1ALT-PU-2017-2174-1187863Fixed
SPICEp90.13.90-alt10.15.0-alt1ALT-PU-2017-2174-1187863Fixed
SPICEp80.14.1-alt10.14.1-alt1ALT-PU-2019-1395-1217681Fixed
SPICEc10f10.13.90-alt10.15.0-alt1ALT-PU-2017-2174-1187863Fixed
SPICEc9f20.13.90-alt10.15.0-alt1ALT-PU-2017-2174-1187863Fixed
SPICEp110.13.90-alt10.15.2-alt3ALT-PU-2017-2174-1187863Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577
  • Issue Tracking
  • Third Party Advisory
DSA-3790
  • Third Party Advisory
RHSA-2017:0552
  • Third Party Advisory
RHSA-2017:0254
  • Third Party Advisory
96040
  • Third Party Advisory
  • VDB Entry
RHSA-2017:0549
  • Third Party Advisory
RHSA-2017:0253
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*
      End excliding
      0.13.90

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top