Arch Linux update for spice

Published: 2019-02-11 | Updated: 2019-02-11
Severity Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-3813
CWE ID CWE-193
Exploitation vector Local network
Public exploit N/A
Vulnerable software Arch Linux Subscribe
Vendor Arch Linux

Security Advisory

This security advisory describes one medium risk vulnerability.

1) Off-by-one

Severity: Medium

CVSSv3: 7 [CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-3813

CWE-ID: CWE-193 - Off-by-one Error

Description

The vulnerability allows an adjacent authenticated attacker to cause DoS condition.

The vulnerability exists due to an off-by-one error in memslot_get_virt. An adjacent can trigger out-of-bounds read and cause the program to crash if it received specially crafted network traffic. In case the attacker in unauthenticated it's possible to execute arbitrary code.

Mitigation

Update the affected package spice to version 0.14.0-3.

Vulnerable software versions

Arch Linux: -

CPE External links

https://security.archlinux.org/advisory/ASA-201902-4

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.