CVE-2016-9578

high

Description

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

References

Advisories

https://www.debian.org/security/2017/dsa-3790

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578

https://access.redhat.com/errata/RHSA-2017:0552

https://access.redhat.com/errata/RHSA-2017:0254

http://www.securityfocus.com/bid/96118

http://rhn.redhat.com/errata/RHSA-2017-0549.html

http://rhn.redhat.com/errata/RHSA-2017-0253.html

Details

Source: Mitre, NVD

Published: 2018-07-27

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.03665

Detections

Analytics