Main Vulnerability Database SB2013071901

SB2013071901 - Resource management error in spice (Alpine package)

Published: July 19, 2013

Security Bulletin ID SB2013071901

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2013-4130)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=984968f59d6f1c6a919880ce8765c45e94d8a1c4
https://git.alpinelinux.org/aports/commit/?id=db7164f78513d312fe6acb5c1a76887a54b09f4e