#VU14533 Buffer overflow in SPICE - CVE-2018-10873

Cybersecurity Help s.r.o.

Published: 2018-08-24 | Updated: 2018-08-27

Vulnerability identifier: #VU14533

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-10873

CWE-ID: CWE-120

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SPICE
Universal components / Libraries / Software for developers

Vendor: SPICE

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow in the write_validate_array_item()function when python_modules/demarshal.py code is used for demarshalling messages, as defined in the python_modules/demarshal.py code. A remote attacker can send specially crafted messages that submit malicious input to a targeted system. A successful exploit could trigger memory corruption and cause the service to crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

SPICE: 0.8.0 - 0.14.0

External links
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in spice (Alpine package)

Debian update for spice

Red Hat update for spice-gtk and spice-server

Red Hat update for spice and spice-gtk

Denial of service in spice