oss-sec mailing list archives
CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c
From: Scott Gayou <sgayou () redhat com>
Date: Mon, 28 Jan 2019 11:53:15 -0700
Hello,

spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers.

The attached patch fixes the issue in spice and is planned to be included in forthcoming release spice 0.14.2.

This issue was reported by Christophe Fergeau (Red Hat).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1665371

Thank you.

--
Scott Gayou / Red Hat Product Security
Attachment:
0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch
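The class of bug named in the advisory (an off-by-one in a group-slot boundary check), shown as an added example; this is not spice's code and not the attached patch. The `SlotTable` layout, the function names and the sample values are all hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_GROUPS 2        /* hypothetical sizes, not spice's */
#define SLOTS_PER_GROUP 4

typedef struct { uint64_t base; uint64_t size; } Slot;
typedef struct {
    uint32_t num_groups;    /* valid group ids are 0 .. num_groups - 1 */
    uint32_t num_slots;     /* valid slot ids are 0 .. num_slots - 1 */
    Slot slots[NUM_GROUPS][SLOTS_PER_GROUP];
} SlotTable;

/* Constructed sample table: two populated slots, the rest zeroed. */
static const SlotTable sample = {
    .num_groups = NUM_GROUPS, .num_slots = SLOTS_PER_GROUP,
    .slots[0][0] = { 0x10000, 0x1000 }, .slots[1][3] = { 0x20000, 0x1000 },
};

/* Off-by-one: '>' accepts group_id == num_groups, one row past the array. */
static bool group_ok_off_by_one(const SlotTable *t, uint32_t group_id)
{
    return !(group_id > t->num_groups);
}

/* Corrected: a count is never a valid index, so reject with '>='. */
static bool group_ok_fixed(const SlotTable *t, uint32_t group_id)
{
    return !(group_id >= t->num_groups);
}

/* Validate both indices and the requested range before touching the slot. */
static const Slot *slot_lookup(const SlotTable *t, uint32_t group_id,
                               uint32_t slot_id, uint64_t offset, uint64_t len)
{
    if (!group_ok_fixed(t, group_id) || slot_id >= t->num_slots)
        return NULL;
    const Slot *s = &t->slots[group_id][slot_id];
    if (offset > s->size || len > s->size - offset)  /* overflow-safe */
        return NULL;
    return s;
}

int main(void)
{
    printf("group_id=%d: off-by-one check accepts=%d, fixed check accepts=%d\n",
           NUM_GROUPS, group_ok_off_by_one(&sample, NUM_GROUPS),
           group_ok_fixed(&sample, NUM_GROUPS));
    return slot_lookup(&sample, NUM_GROUPS, 0, 0, 1) == NULL ? 0 : 1;
}
```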