CVE-2017-7506
HIGH
spice <= 0.13 - Authenticated Denial of Service via Memory Access
Title source: llm
Description
spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from an authenticated attacker to the spice server, resulting in a crash and/or server memory leak.
References (6)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3522
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/07/14/1
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2471
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3907
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99583
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1452606
Scores
CVSS v3
8.8
EPSS
0.0420
EPSS Percentile
89.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (31)
spice_project/spice
0.5.2
spice_project/spice
0.5.3
spice_project/spice
0.6.0
spice_project/spice
0.6.1
spice_project/spice
0.6.2
spice_project/spice
0.6.3
spice_project/spice
0.6.4
spice_project/spice
0.7.0
spice_project/spice
0.7.1
spice_project/spice
0.7.2
... and 21 more
Published
Jul 18, 2017
Tracked Since
Feb 18, 2026