CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:01

Type Values Removed Values Added
References () http://rhn.redhat.com/errata/RHSA-2017-0253.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2017-0253.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2017-0549.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2017-0549.html - Third Party Advisory
References () http://www.securityfocus.com/bid/96040 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/96040 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2017:0254 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:0254 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:0552 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:0552 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577 - Issue Tracking, Third Party Advisory
References () https://www.debian.org/security/2017/dsa-3790 - Third Party Advisory () https://www.debian.org/security/2017/dsa-3790 - Third Party Advisory
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 7.5

Information

Published : 2018-07-27 20:29

Updated : 2024-11-21 03:01


NVD link : CVE-2016-9577

Mitre link : CVE-2016-9577

CVE.ORG link : CVE-2016-9577


JSON object : View

Products Affected

redhat

  • enterprise_linux_server
  • enterprise_linux_server_eus
  • enterprise_linux_desktop
  • enterprise_linux_server_aus
  • enterprise_linux_workstation

spice_project

  • spice

debian

  • debian_linux
CWE
CWE-20

Improper Input Validation

CWE-122

Heap-based Buffer Overflow

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer