cnvd - cnvd-2017-01269

cnvd-2017-01269

Vulnerability from cnvd

Title: Spice缓冲区溢出漏洞

Description:

SPICE (Simple Protocol for Independent Computing Environment) 是Red Hat收购Qumranet后获得虚拟技术。SPICE能用于在服务器和远程计算机如桌面和瘦客户端设备上部署虚拟桌面

Spice存在缓冲区溢出漏洞，由于将用户数据复制到大小不足的内存缓冲区时未能做充分验证。攻击者可以利用该漏洞在受影响的应用程序环境中执行任意代码，失败的攻击会造成拒绝服务。

Severity: 高

Patch Name: Spice缓冲区溢出漏洞的补丁

Patch Description:

Spice存在缓冲区溢出漏洞，由于将用户数据复制到大小不足的内存缓冲区时未能做充分验证。攻击者可以利用该漏洞在受影响的应用程序环境中执行任意代码，失败的攻击会造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://bugzilla.redhat.com/show_bug.cgi?id=1401603

Reference: http://www.securityfocus.com/bid/96040

Impacted products

Name
['Red Hat Spice 0.12.3', 'Red Hat Spice 0.12.2', 'Red Hat Spice 0.12', 'Red Hat Spice 0.11.3', 'Red Hat Spice 0.9.0', 'Red Hat Spice 0.11.0', 'Red Hat Spice 0.10.1', 'Red Hat Spice 0.10.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96040"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9577"
    }
  },
  "description": "SPICE (Simple Protocol for Independent Computing Environment) \u662fRed Hat\u6536\u8d2dQumranet\u540e\u83b7\u5f97\u865a\u62df\u6280\u672f\u3002SPICE\u80fd\u7528\u4e8e\u5728\u670d\u52a1\u5668\u548c\u8fdc\u7a0b\u8ba1\u7b97\u673a\u5982\u684c\u9762\u548c\u7626\u5ba2\u6237\u7aef\u8bbe\u5907\u4e0a\u90e8\u7f72\u865a\u62df\u684c\u9762\r\n\r\nSpice\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5c06\u7528\u6237\u6570\u636e\u590d\u5236\u5230\u5927\u5c0f\u4e0d\u8db3\u7684\u5185\u5b58\u7f13\u51b2\u533a\u65f6\u672a\u80fd\u505a\u5145\u5206\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u73af\u5883\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5931\u8d25\u7684\u653b\u51fb\u4f1a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Frediano Ziglio (Red Hat)",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1401603",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01269",
  "openTime": "2017-02-14",
  "patchDescription": "SPICE (Simple Protocol for Independent Computing Environment) \u662fRed Hat\u6536\u8d2dQumranet\u540e\u83b7\u5f97\u865a\u62df\u6280\u672f\u3002SPICE\u80fd\u7528\u4e8e\u5728\u670d\u52a1\u5668\u548c\u8fdc\u7a0b\u8ba1\u7b97\u673a\u5982\u684c\u9762\u548c\u7626\u5ba2\u6237\u7aef\u8bbe\u5907\u4e0a\u90e8\u7f72\u865a\u62df\u684c\u9762\r\n\r\nSpice\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5c06\u7528\u6237\u6570\u636e\u590d\u5236\u5230\u5927\u5c0f\u4e0d\u8db3\u7684\u5185\u5b58\u7f13\u51b2\u533a\u65f6\u672a\u80fd\u505a\u5145\u5206\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u73af\u5883\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5931\u8d25\u7684\u653b\u51fb\u4f1a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Spice\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Red Hat Spice 0.12.3",
      "Red Hat Spice  0.12.2",
      "Red Hat Spice  0.12",
      "Red Hat Spice  0.11.3",
      "Red Hat Spice  0.9.0",
      "Red Hat Spice  0.11.0",
      "Red Hat Spice  0.10.1",
      "Red Hat Spice  0.10.0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/96040",
  "serverity": "\u9ad8",
  "submitTime": "2017-02-07",
  "title": "Spice\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2016-9577 (GCVE-0-2016-9577)

Vulnerability from cvelistv5

Published

2018-07-27 20:00

Modified

2024-08-06 02:59

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2017:0552	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:0254	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2017/dsa-3790	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/96040	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2017-0253.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0549.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	Red Hat	spice	Version: 0.13.90

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:02.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0552",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0552"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577"
          },
          {
            "name": "RHSA-2017:0254",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0254"
          },
          {
            "name": "DSA-3790",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3790"
          },
          {
            "name": "96040",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96040"
          },
          {
            "name": "RHSA-2017:0253",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0253.html"
          },
          {
            "name": "RHSA-2017:0549",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0549.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "spice",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "0.13.90"
            }
          ]
        }
      ],
      "datePublic": "2016-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in SPICE before 0.13.90 in the server\u0027s protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-28T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:0552",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0552"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577"
        },
        {
          "name": "RHSA-2017:0254",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0254"
        },
        {
          "name": "DSA-3790",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3790"
        },
        {
          "name": "96040",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96040"
        },
        {
          "name": "RHSA-2017:0253",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0253.html"
        },
        {
          "name": "RHSA-2017:0549",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0549.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-9577",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "spice",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "0.13.90"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in SPICE before 0.13.90 in the server\u0027s protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            [
              {
                "vectorString": "6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0552",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0552"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577"
            },
            {
              "name": "RHSA-2017:0254",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0254"
            },
            {
              "name": "DSA-3790",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3790"
            },
            {
              "name": "96040",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96040"
            },
            {
              "name": "RHSA-2017:0253",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0253.html"
            },
            {
              "name": "RHSA-2017:0549",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0549.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-9577",
    "datePublished": "2018-07-27T20:00:00",
    "dateReserved": "2016-11-23T00:00:00",
    "dateUpdated": "2024-08-06T02:59:02.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted