vulnerability

SUSE: CVE-2018-10873: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	08/17/2018	08/31/2018	10/22/2021

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

08/17/2018

Added

08/31/2018

Modified

10/22/2021

Description

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

Solution(s)

suse-upgrade-libspice-client-glib-2_0-8suse-upgrade-libspice-client-glib-helpersuse-upgrade-libspice-client-gtk-2_0-4suse-upgrade-libspice-client-gtk-3_0-4suse-upgrade-libspice-client-gtk-3_0-5suse-upgrade-libspice-controller0suse-upgrade-libspice-server-develsuse-upgrade-libspice-server1suse-upgrade-spice-gtksuse-upgrade-spice-gtk-develsuse-upgrade-spice-gtk-langsuse-upgrade-typelib-1_0-spiceclientglib-2_0suse-upgrade-typelib-1_0-spiceclientgtk-3_0

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today