← back
CVE-2019-3813

CVE-2019-3813

EPSS 1.2%
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Affected products
Red Hat, Inc. · Spice

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2019:0231https://access.redhat.com/errata/RHSA-2019:0232https://access.redhat.com/errata/RHSA-2019:0457https://bugzilla.redhat.com/show_bug.cgi?id=1665371https://lists.debian.org/debian-lts-announce/2019/01/msg00026.htmlhttps://security.gentoo.org/glsa/202007-30https://usn.ubuntu.com/3870-1/https://www.debian.org/security/2019/dsa-4375http://www.securityfocus.com/bid/106801