Vulnerability Details : CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
Vulnerability category: OverflowInput validation
Products affected by CVE-2018-10873
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-10873
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 54 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-10873
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
8.3
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
2.8
|
5.5
|
Red Hat, Inc. |
CWE ids for CVE-2018-10873
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2018-10873
-
https://access.redhat.com/errata/RHSA-2018:2732
RHSA-2018:2732 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3470
RHSA-2018:3470 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://usn.ubuntu.com/3751-1/
USN-3751-1: Spice vulnerability | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873
1596008 – (CVE-2018-10873) CVE-2018-10873 spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of serviceIssue Tracking;Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4319
Debian -- Security Information -- DSA-4319-1 spiceThird Party Advisory
-
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
Fix flexible array buffer overflow (bb15d481) · Commits · spice / spice-common · GitLabPatch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2731
RHSA-2018:2731 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html
[SECURITY] [DLA 1488-1] spice security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html
[SECURITY] [DLA 1486-1] spice security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html
[SECURITY] [DLA 1489-1] spice-gtk security updateMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/105152
Spice CVE-2018-10873 Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
Jump to