oss-sec mailing list archives
spice-server: CVE-2016-9577, CVE-2016-9578: remote DoS and buffer overflow from crafted messages
From: Doran Moppert <dmoppert () redhat com>
Date: Thu, 23 Feb 2017 18:26:20 +1030
Two vulnerabilities in the server component of SPICE <https://spice-space.org/> were recently assigned CVEs by Red Hat - distros got notified during embargo, but I neglected to follow up here:

- CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf
  <https://bugzilla.redhat.com/show_bug.cgi?id=1401603>

- CVE-2016-9578 spice: Remote DoS via crafted message
  <https://bugzilla.redhat.com/show_bug.cgi?id=1399566>

Both of these attacks are accessible to unauthenticated attackers that can make connections to the SPICE server. CVE-2016-9577 may lead to code execution (heap overflow), while the impact of CVE-2016-9578 is limited to denial of service.

Both issues were reported by Frediano Ziglio, and fixed in the following upstream commits:

https://cgit.freedesktop.org/spice/spice/commit/?id=ec124b982abcd23364963ffcd4c370b1ec962fc9
https://cgit.freedesktop.org/spice/spice/commit/?id=e16eee1d8be00b186437bf61e4e1871cd8d0211a
https://cgit.freedesktop.org/spice/spice/commit/?id=1d3e26c0ee75712fa4bbbcfa09d8d5866b66c8af

--
Doran Moppert
Red Hat Product Security