#VU12053 Integer overflow in spice-gtk
Vulnerability identifier: #VU12053
Vulnerability risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:U]
CVE-ID:
CWE-ID:
CWE-190
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
spice-gtk
Universal components / Libraries /
Libraries used by multiple products
Vendor: Spice-Space
Description
The vulnerability allows an adjacent unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists in the spice-gtk component due to improper sanitization of pointers and lengths when handling spice-server messages. An adjacent attacker can trick the victim into connecting to an attacker-controlled spice-server and send messages that submit malicious input, trigger integer overflow and execute arbitrary code with root privileges.
Mitigation
Cybersecurity is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versions
spice-gtk: 0.1.0 - 0.34
External links
http://bugzilla.redhat.com/show_bug.cgi?id=1501200
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
