Privilege escalation in spice-gtk
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-12194 |
| CWE-ID | CWE-190 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
spice-gtk Universal components / Libraries / Libraries used by multiple products |
| Vendor | Spice-Space |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Integer overflow
EUVDB-ID: #VU12053
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:U]
CVE-ID: CVE-2017-12194
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows an adjacent unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists in the spice-gtk component due to improper sanitization of pointers and lengths when handling spice-server messages. An adjacent attacker can trick the victim into connecting to an attacker-controlled spice-server and send messages that submit malicious input, trigger integer overflow and execute arbitrary code with root privileges.
Cybersecurity is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsspice-gtk: 0.1.0 - 0.34
External linkshttp://bugzilla.redhat.com/show_bug.cgi?id=1501200
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
