1452606: CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations
A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash.

Find out more about CVE-2017-7506 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 9.1
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity Impact: Low
Availability Impact: High

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (spice-server) | RHSA-2018:3522 | 2018-11-07
Red Hat Enterprise Linux 7 (spice) | RHSA-2017:2471 | 2017-08-15
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts | RHBA-2017:2529 | 2017-08-22

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 7 | rhev-hypervisor | Affected
RHEV Manager 3 | rhev-hypervisor | Affected


This issue was discovered by Frediano Ziglio (Red Hat).