Spice Project SPICE 0.13.90

CPE Details

Spice Project SPICE 0.13.90
spice_project
spice
0.13.90
2019-06-14
11h06 +00:00
2019-06-14
11h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:spice_project:spice:0.13.90:*:*:*:*:*:*:*

Informations

Vendor

spice_project

Product

spice

Version

0.13.90

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-20201 2021-05-28 08h42 +00:00 A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
5.3
Medium
CVE-2020-14355 2020-10-07 12h41 +00:00 Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
6.6
Medium
CVE-2019-3813 2019-02-04 18h00 +00:00 Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
7.5
High
CVE-2018-10873 2018-08-17 10h00 +00:00 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
8.8
High