CVE-2018-10873

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

Published: 2018-08-17 12:29
Updated: 2019-10-09 23:33

CVSS Score: 6.5 / 10
Vendor Product Version URI
Redhat Virtualization 4.0 cpe:/a:redhat:virtualization:4.0
Redhat Virtualization Host 4.0 cpe:/a:redhat:virtualization_host:4.0
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Redhat Enterprise Linux Desktop 6.0 cpe:/o:redhat:enterprise_linux_desktop:6.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 6.0 cpe:/o:redhat:enterprise_linux_server:6.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server Aus 7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.6
Redhat Enterprise Linux Server Eus 7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.5
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 6.0 cpe:/o:redhat:enterprise_linux_workstation:6.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Spice Project Spice 0.12.5 cpe:/a:spice_project:spice:0.12.5
Spice Project Spice 0.12.6 cpe:/a:spice_project:spice:0.12.6
Spice Project Spice 0.12.7 cpe:/a:spice_project:spice:0.12.7
Spice Project Spice 0.12.8 cpe:/a:spice_project:spice:0.12.8
Spice Project Spice 0.13.0 cpe:/a:spice_project:spice:0.13.0
Spice Project Spice 0.13.1 cpe:/a:spice_project:spice:0.13.1
Spice Project Spice 0.13.2 cpe:/a:spice_project:spice:0.13.2
Spice Project Spice 0.13.3 cpe:/a:spice_project:spice:0.13.3
Spice Project Spice 0.13.90 cpe:/a:spice_project:spice:0.13.90
Spice Project Spice 0.13.91 cpe:/a:spice_project:spice:0.13.91
Spice Project Spice 0.14.0 cpe:/a:spice_project:spice:0.14.0
Spice Project Spice 0.5.2 cpe:/a:spice_project:spice:0.5.2
Spice Project Spice 0.5.3 cpe:/a:spice_project:spice:0.5.3
Spice Project Spice 0.6.0 cpe:/a:spice_project:spice:0.6.0
Spice Project Spice 0.6.1 cpe:/a:spice_project:spice:0.6.1
Spice Project Spice 0.6.2 cpe:/a:spice_project:spice:0.6.2
Spice Project Spice 0.6.3 cpe:/a:spice_project:spice:0.6.3
Spice Project Spice 0.6.4 cpe:/a:spice_project:spice:0.6.4
Spice Project Spice 0.7.0 cpe:/a:spice_project:spice:0.7.0
Spice Project Spice 0.7.1 cpe:/a:spice_project:spice:0.7.1
Spice Project Spice 0.7.2 cpe:/a:spice_project:spice:0.7.2
Spice Project Spice 0.7.3 cpe:/a:spice_project:spice:0.7.3
Spice Project Spice 0.8.0 cpe:/a:spice_project:spice:0.8.0
Spice Project Spice 0.8.1 cpe:/a:spice_project:spice:0.8.1
Spice Project Spice 0.8.2 cpe:/a:spice_project:spice:0.8.2
Spice Project Spice 0.8.3 cpe:/a:spice_project:spice:0.8.3
Spice Project Spice 0.9.0 cpe:/a:spice_project:spice:0.9.0
Spice Project Spice 0.9.1 cpe:/a:spice_project:spice:0.9.1
Spice Project Spice 0.10.0 cpe:/a:spice_project:spice:0.10.0
Spice Project Spice 0.10.1 cpe:/a:spice_project:spice:0.10.1
Spice Project Spice 0.11.0 cpe:/a:spice_project:spice:0.11.0
Spice Project Spice 0.11.3 cpe:/a:spice_project:spice:0.11.3
Spice Project Spice 0.12.0 cpe:/a:spice_project:spice:0.12.0
Spice Project Spice 0.12.2 cpe:/a:spice_project:spice:0.12.2
Spice Project Spice 0.12.3 cpe:/a:spice_project:spice:0.12.3
Spice Project Spice 0.12.4 cpe:/a:spice_project:spice:0.12.4

CWE

CWE-20 (Improper Input Validation): The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

History of changes

Date Event
2019-10-09 23:33
2019-04-22 18:55
2018-11-06 11:29
2018-10-16 10:29
2018-10-10 17:45
2018-09-21 10:29
2018-09-01 10:29
2018-08-29 10:29
2018-08-23 10:29
2018-08-17 12:29 New CVE