cnvd - cnvd-2017-01269

CNVD-2017-01269

Vulnerability from cnvd - Published: 2017-02-14

Title

Spice缓冲区溢出漏洞

Description

SPICE (Simple Protocol for Independent Computing Environment) 是Red Hat收购Qumranet后获得虚拟技术。SPICE能用于在服务器和远程计算机如桌面和瘦客户端设备上部署虚拟桌面 Spice存在缓冲区溢出漏洞，由于将用户数据复制到大小不足的内存缓冲区时未能做充分验证。攻击者可以利用该漏洞在受影响的应用程序环境中执行任意代码，失败的攻击会造成拒绝服务。

Severity

高

Patch Name

Spice缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://bugzilla.redhat.com/show_bug.cgi?id=1401603

Reference

http://www.securityfocus.com/bid/96040

Impacted products

Name
['Red Hat Spice 0.12.3', 'Red Hat Spice 0.12.2', 'Red Hat Spice 0.12', 'Red Hat Spice 0.11.3', 'Red Hat Spice 0.9.0', 'Red Hat Spice 0.11.0', 'Red Hat Spice 0.10.1', 'Red Hat Spice 0.10.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96040"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9577"
    }
  },
  "description": "SPICE (Simple Protocol for Independent Computing Environment) \u662fRed Hat\u6536\u8d2dQumranet\u540e\u83b7\u5f97\u865a\u62df\u6280\u672f\u3002SPICE\u80fd\u7528\u4e8e\u5728\u670d\u52a1\u5668\u548c\u8fdc\u7a0b\u8ba1\u7b97\u673a\u5982\u684c\u9762\u548c\u7626\u5ba2\u6237\u7aef\u8bbe\u5907\u4e0a\u90e8\u7f72\u865a\u62df\u684c\u9762\r\n\r\nSpice\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5c06\u7528\u6237\u6570\u636e\u590d\u5236\u5230\u5927\u5c0f\u4e0d\u8db3\u7684\u5185\u5b58\u7f13\u51b2\u533a\u65f6\u672a\u80fd\u505a\u5145\u5206\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u73af\u5883\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5931\u8d25\u7684\u653b\u51fb\u4f1a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Frediano Ziglio (Red Hat)",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1401603",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01269",
  "openTime": "2017-02-14",
  "patchDescription": "SPICE (Simple Protocol for Independent Computing Environment) \u662fRed Hat\u6536\u8d2dQumranet\u540e\u83b7\u5f97\u865a\u62df\u6280\u672f\u3002SPICE\u80fd\u7528\u4e8e\u5728\u670d\u52a1\u5668\u548c\u8fdc\u7a0b\u8ba1\u7b97\u673a\u5982\u684c\u9762\u548c\u7626\u5ba2\u6237\u7aef\u8bbe\u5907\u4e0a\u90e8\u7f72\u865a\u62df\u684c\u9762\r\n\r\nSpice\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7531\u4e8e\u5c06\u7528\u6237\u6570\u636e\u590d\u5236\u5230\u5927\u5c0f\u4e0d\u8db3\u7684\u5185\u5b58\u7f13\u51b2\u533a\u65f6\u672a\u80fd\u505a\u5145\u5206\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u73af\u5883\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5931\u8d25\u7684\u653b\u51fb\u4f1a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Spice\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Red Hat Spice 0.12.3",
      "Red Hat Spice  0.12.2",
      "Red Hat Spice  0.12",
      "Red Hat Spice  0.11.3",
      "Red Hat Spice  0.9.0",
      "Red Hat Spice  0.11.0",
      "Red Hat Spice  0.10.1",
      "Red Hat Spice  0.10.0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/96040",
  "serverity": "\u9ad8",
  "submitTime": "2017-02-07",
  "title": "Spice\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2016-9577 (GCVE-0-2016-9577)

Vulnerability from cvelistv5 – Published: 2018-07-27 20:00 – Updated: 2024-08-06 02:59

Summary

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:0552	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:0254	vendor-advisoryx_refsource_REDHAT
	https://www.debian.org/security/2017/dsa-3790	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/96040	vdb-entryx_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2017-0253.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0549.html	vendor-advisoryx_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	Red Hat	spice	Affected: 0.13.90

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:02.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0552",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0552"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577"
          },
          {
            "name": "RHSA-2017:0254",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0254"
          },
          {
            "name": "DSA-3790",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3790"
          },
          {
            "name": "96040",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96040"
          },
          {
            "name": "RHSA-2017:0253",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0253.html"
          },
          {
            "name": "RHSA-2017:0549",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0549.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "spice",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "0.13.90"
            }
          ]
        }
      ],
      "datePublic": "2016-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in SPICE before 0.13.90 in the server\u0027s protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-28T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:0552",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0552"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577"
        },
        {
          "name": "RHSA-2017:0254",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0254"
        },
        {
          "name": "DSA-3790",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3790"
        },
        {
          "name": "96040",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96040"
        },
        {
          "name": "RHSA-2017:0253",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0253.html"
        },
        {
          "name": "RHSA-2017:0549",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0549.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-9577",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "spice",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "0.13.90"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in SPICE before 0.13.90 in the server\u0027s protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            [
              {
                "vectorString": "6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0552",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0552"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577"
            },
            {
              "name": "RHSA-2017:0254",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0254"
            },
            {
              "name": "DSA-3790",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3790"
            },
            {
              "name": "96040",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96040"
            },
            {
              "name": "RHSA-2017:0253",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0253.html"
            },
            {
              "name": "RHSA-2017:0549",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0549.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-9577",
    "datePublished": "2018-07-27T20:00:00",
    "dateReserved": "2016-11-23T00:00:00",
    "dateUpdated": "2024-08-06T02:59:02.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-01269

CVE-2016-9577 (GCVE-0-2016-9577)

Tags

Sightings

Nomenclature