This security advisory describes one medium risk vulnerability.
CWE-193 - Off-by-one Error
The vulnerability allows an adjacent authenticated attacker to cause DoS condition.
The vulnerability exists due to an off-by-one error in memslot_get_virt. An adjacent can trigger out-of-bounds read and cause the program to crash if it received specially crafted network traffic. In case the attacker in unauthenticated it's possible to execute arbitrary code.Mitigation
Update the affected package spice to version 0.14.0-3.Vulnerable software versions
Arch Linux: -CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.