CVE Vulnerabilities

CVE-2013-4130

Published: Aug 20, 2013 | Modified: Jan 24, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.

Affected Software

Name Vendor Start Version End Version
Spice Spice_project * 0.12.3 (including)
Spice Spice_project 0.5.2 (including) 0.5.2 (including)
Spice Spice_project 0.5.3 (including) 0.5.3 (including)
Spice Spice_project 0.6.0 (including) 0.6.0 (including)
Spice Spice_project 0.6.1 (including) 0.6.1 (including)
Spice Spice_project 0.6.2 (including) 0.6.2 (including)
Spice Spice_project 0.6.3 (including) 0.6.3 (including)
Spice Spice_project 0.6.4 (including) 0.6.4 (including)
Spice Spice_project 0.7.0 (including) 0.7.0 (including)
Spice Spice_project 0.7.1 (including) 0.7.1 (including)
Spice Spice_project 0.7.2 (including) 0.7.2 (including)
Spice Spice_project 0.7.3 (including) 0.7.3 (including)
Spice Spice_project 0.8.0 (including) 0.8.0 (including)
Spice Spice_project 0.8.1 (including) 0.8.1 (including)
Spice Spice_project 0.8.2 (including) 0.8.2 (including)
Spice Spice_project 0.8.3 (including) 0.8.3 (including)
Spice Spice_project 0.9.0 (including) 0.9.0 (including)
Spice Spice_project 0.9.1 (including) 0.9.1 (including)
Spice Spice_project 0.10.0 (including) 0.10.0 (including)
Spice Spice_project 0.10.1 (including) 0.10.1 (including)
Spice Spice_project 0.11.0 (including) 0.11.0 (including)
Spice Spice_project 0.11.3 (including) 0.11.3 (including)
Spice Spice_project 0.12.0 (including) 0.12.0 (including)
Spice Spice_project 0.12.2 (including) 0.12.2 (including)

References