CVE-2017-7506

Published Jul 18, 2017

Last updated 2 years ago

Overview

Description: spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

secalert@redhat.com: CWE-119
nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D43478E1-FAC9-4331-890A-3A0657B297CD"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EF919EB-A288-4B04-B16D-5CBF02D3DA50"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4B6CA6B-2EA2-49B2-A1CB-1A2E6BCD5310"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3799D9A4-36DD-46C7-920F-CBBACFBD1A3F"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D98B8AD9-2199-491B-971D-51C8E8C8620F"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "334E8934-ACD6-4EA8-8603-1A74754E686E"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC523EFE-42BB-401F-B56F-CD3111521926"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D99BC7E-E0AE-47DB-AB4E-E2E8B819F11E"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A94048EB-8898-48D2-94F5-5EB4EBACF1EC"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FDB2652-0358-4624-AA5A-85E6AF78602D"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5DDBC28-2B52-4ED3-A547-220308730442"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "415261CB-7BC6-43A3-8655-4A9B5762D40D"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9EC9E53-64A4-4ACD-96A2-914E99FD18CA"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2AF8BAE-BA8D-4B88-ABF7-BFF3FF1C35FE"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B572F78E-3D9E-447C-AC2A-790833FE9572"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40C5F192-9B57-406B-A026-986C5FA23E7D"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80AC3C68-6EF4-45BA-AE83-63BF7E2C5FDC"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A5FAD2D-A31D-47F5-A0CA-F956566AF64E"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3A7A337-017E-442C-8243-ACCEC60386DC"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FEDFB76-03BA-4C85-8941-60ED24248C19"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.11.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "534D1105-4AC0-4DD4-93BA-CD7B6DF09F26"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "937428E5-EE31-4BBF-9774-EFB9866B58D9"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.12.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AE28BE9-1851-4BCA-A1B8-8F291C744703"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DD83413-0A15-4117-87B9-C6551A327448"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.12.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9120288-1454-4ED9-AFD2-FCA52B92E761"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.12.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12099A50-80EA-4613-B55E-2A6F426AABAD"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.12.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66E7D605-AF1B-4A3E-B522-FA019879238A"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.12.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE37633B-B577-4C8E-B807-23561DFE18D4"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.12.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF05DBE8-B5CF-40BA-8EFF-51B416E0CD91"
          },
          {
            "criteria": "cpe:2.3:a:spice_project:spice:0.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA3CFB3D-0D04-4F62-9CD9-886CDE5AA578"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References