CVE-2016-9577

HIGH

Spice < 0.13.90 - Heap Buffer Overflow

Title source: rule
STIX 2.1

Description

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

References (7)

Core 7
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0552
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0254
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-3790
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96040
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0253.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0549.html

Scores

CVSS v3 7.5
EPSS 0.0367
EPSS Percentile 87.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119 CWE-20 CWE-122
Status published
Products (13)
debian/debian_linux 8.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.3
redhat/enterprise_linux_server_aus 7.4
redhat/enterprise_linux_server_eus 7.3
redhat/enterprise_linux_server_eus 7.4
redhat/enterprise_linux_server_eus 7.5
... and 3 more
Published Jul 27, 2018
Tracked Since Feb 18, 2026