CVE-2016-9578
HIGHspice < 0.13.90 - Denial of Service via Crafted Protocol Messages
Title source: llmDescription
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
References (7)
Core 7
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0552
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0254
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96118
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-3790
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0253.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0549.html
Scores
CVSS v3
7.5
EPSS
0.0249
EPSS Percentile
82.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
CWE-770
Status
published
Products (13)
debian/debian_linux
8.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_server
7.0
redhat/enterprise_linux_server_aus
7.3
redhat/enterprise_linux_server_aus
7.4
redhat/enterprise_linux_server_eus
7.3
redhat/enterprise_linux_server_eus
7.4
redhat/enterprise_linux_server_eus
7.5
... and 3 more
Published
Jul 27, 2018
Tracked Since
Feb 18, 2026