7.5

CVE-2019-3813

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Spice ProjectSpice Version >= 0.5.2 <= 0.14.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.21% 0.644
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.4 5.5 6.4
AV:A/AC:M/Au:N/C:P/I:P/A:P
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

http://www.securityfocus.com/bid/106801
Broken Link
https://access.redhat.com/errata/RHSA-2019:0231
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0232
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0457
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1665371
Third Party Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2019/01/msg00026.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202007-30
Third Party Advisory
https://usn.ubuntu.com/3870-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4375
Third Party Advisory