1. CVE-Search
  2. CVE-2019-3813
ID CVE-2019-3813
Summary Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
References
Vulnerable Configurations
  • cpe:2.3:a:spice_project:spice:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.5:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.6:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.7:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.8:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.13.90:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.13.90:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.13.91:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.13.91:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:spice_project:spice:0.14.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
CVSS
Base: 5.4 (as of 26-04-2022 - 20:24)
Impact:
Exploitability:
CWE CWE-193
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:A/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1665371
    title CVE-2019-3813 spice: Off-by-one error in array access in spice/server/memslot.c
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment spice-server is earlier than 0:0.14.0-6.el7_6.1
            oval oval:com.redhat.rhsa:tst:20190231001
          • comment spice-server is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20131192002
        • AND
          • comment spice-server-devel is earlier than 0:0.14.0-6.el7_6.1
            oval oval:com.redhat.rhsa:tst:20190231003
          • comment spice-server-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20131192004
    rhsa
    id RHSA-2019:0231
    released 2019-01-31
    severity Important
    title RHSA-2019:0231: spice security update (Important)
  • bugzilla
    id 1665371
    title CVE-2019-3813 spice: Off-by-one error in array access in spice/server/memslot.c
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment spice-server is earlier than 0:0.12.4-16.el6_10.3
            oval oval:com.redhat.rhsa:tst:20190232001
          • comment spice-server is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20131192002
        • AND
          • comment spice-server-devel is earlier than 0:0.12.4-16.el6_10.3
            oval oval:com.redhat.rhsa:tst:20190232003
          • comment spice-server-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20131192004
    rhsa
    id RHSA-2019:0232
    released 2019-01-31
    severity Important
    title RHSA-2019:0232: spice-server security update (Important)
  • rhsa
    id RHSA-2019:0457
rpms
  • spice-debuginfo-0:0.14.0-6.el7_6.1
  • spice-server-0:0.14.0-6.el7_6.1
  • spice-server-devel-0:0.14.0-6.el7_6.1
  • spice-server-0:0.12.4-16.el6_10.3
  • spice-server-debuginfo-0:0.12.4-16.el6_10.3
  • spice-server-devel-0:0.12.4-16.el6_10.3
  • redhat-release-virtualization-host-0:4.2-8.3.el7
  • redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7
refmap via4
bid 106801
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1665371
debian DSA-4375
gentoo GLSA-202007-30
mlist [debian-lts-announce] 20190130 [SECURITY] [DLA 1649-1] spice security update
ubuntu USN-3870-1
Last major update 26-04-2022 - 20:24
Published 04-02-2019 - 18:29
Last modified 26-04-2022 - 20:24
Back to Top