Spice Project » Spice : Security Vulnerabilities, CVEs, Published In 2013
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Max CVSS
5.0
EPSS Score
7.21%
Published
2013-11-02
Updated
2023-02-13
The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.
Max CVSS
5.0
EPSS Score
2.09%
Published
2013-08-20
Updated
2014-01-24
2 vulnerabilities found