Off-by-one in SPICE - CVE-2019-3813

 


Published: January 31, 2019 / Updated: February 11, 2019


Vulnerability identifier: #VU17324
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-3813
CWE-ID: CWE-193
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: SPICE
Affected software:
SPICE

Detailed vulnerability description

The vulnerability allows an adjacent authenticated attacker to cause a DoS condition.

The vulnerability exists due to an off-by-one error in memslot_get_virt. An adjacent attacker can trigger an out-of-bounds read and cause the program to crash if it receives specially crafted network traffic. If the attacker is unauthenticated, it is possible to execute arbitrary code.
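The following added example, which is not SPICE source code, models how an off-by-one in a slot-index check produces a read one element past a table. All names (`slot_table`, `slot_resolve`, `id_ok_flawed`, `id_ok_fixed`) and the exact form of the comparison are assumptions for illustration; the advisory names only the affected function.

```c
#include <stdint.h>
#include <stdio.h>
#define NUM_SLOTS 4u   /* constructed table size */

typedef struct { uint64_t base, size; } mem_slot;
typedef struct {
    uint32_t num_slots;              /* valid ids are 0 .. num_slots-1 */
    mem_slot slots[NUM_SLOTS + 1];   /* spare guard entry keeps the demo in bounds */
} slot_table;
typedef int (*id_check)(const slot_table *, uint32_t);

/* Off-by-one: '>' rejects only ids above num_slots, so id == num_slots passes. */
static int id_ok_flawed(const slot_table *t, uint32_t id) { return !(id > t->num_slots); }
/* Corrected: the first invalid id is num_slots itself. */
static int id_ok_fixed(const slot_table *t, uint32_t id) { return id < t->num_slots; }

/* Resolve (id, offset, length) to its slot, or NULL when validation fails. */
static const mem_slot *slot_resolve(const slot_table *t, id_check ok,
                                    uint32_t id, uint64_t off, uint64_t len)
{
    if (!ok(t, id))
        return NULL;
    const mem_slot *s = &t->slots[id];   /* flawed check: may be one past the table */
    if (off > s->size || len > s->size - off)   /* overflow-safe range check */
        return NULL;
    return s;
}

/* Count ids in [num_slots, limit) that still resolve, i.e. are wrongly accepted. */
static unsigned accepted_out_of_range(const slot_table *t, id_check ok, uint32_t limit)
{
    unsigned n = 0;
    for (uint32_t id = t->num_slots; id < limit; id++)
        n += slot_resolve(t, ok, id, 0, 0) != NULL;
    return n;
}

static slot_table make_table(void)
{
    slot_table t = { .num_slots = NUM_SLOTS };
    for (uint32_t i = 0; i < NUM_SLOTS; i++)
        t.slots[i] = (mem_slot){ .base = 0x1000u * (i + 1), .size = 0x1000 };
    t.slots[NUM_SLOTS] = (mem_slot){ .base = 0, .size = 0x1000 };  /* stands in for adjacent memory */
    return t;
}

int main(void)
{
    slot_table t = make_table();
    printf("flawed=%u fixed=%u\n", accepted_out_of_range(&t, id_ok_flawed, 16),
           accepted_out_of_range(&t, id_ok_fixed, 16));
    return 0;
}
```

In a real table without the guard entry, the one id the flawed check lets through would index whatever memory follows the array, which is the out-of-bounds read the advisory describes.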


How to mitigate CVE-2019-3813

Update to version 0.14.2.
