Integer overflow in spice-gtk - CVE-2017-12194

 

Integer overflow in spice-gtk - CVE-2017-12194

Published: April 20, 2018 / Updated: April 21, 2018


Vulnerability identifier: #VU12053
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2017-12194
CWE-ID: CWE-190
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Spice-Space
Affected software:
spice-gtk

Detailed vulnerability description

The vulnerability allows an adjacent unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists in the spice-gtk component due to improper sanitization of pointers and lengths when handling spice-server messages. An adjacent attacker can trick the victim into connecting to an attacker-controlled spice-server and send messages that submit malicious input, trigger integer overflow and execute arbitrary code with root privileges.

How to mitigate CVE-2017-12194

Cybersecurity is currently unaware of any solutions addressing the vulnerability.

Sources