Main Vulnerability Database Vulnerabilities #VU14533

Buffer overflow in SPICE - CVE-2018-10873

Published: August 24, 2018 / Updated: August 27, 2018

Vulnerability identifier: #VU14533

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10873

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: SPICE

Affected software:
SPICE

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow in the write_validate_array_item()function when python_modules/demarshal.py code is used for demarshalling messages, as defined in the python_modules/demarshal.py code. A remote attacker can send specially crafted messages that submit malicious input to a targeted system. A successful exploit could trigger memory corruption and cause the service to crash.

How to mitigate CVE-2018-10873

Install update from vendor's website.

Sources

https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c

Buffer overflow in SPICE - CVE-2018-10873

Detailed vulnerability description

How to mitigate CVE-2018-10873

Sources

Please verify you're human