CVE-2017-7506

Impact: Important
Public Date: 2017-07-11
CWE: CWE-681->CWE-119
Bugzilla: 1452606: CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations

A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash.

Find out more about CVE-2017-7506 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 9.1
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity Impact: Low
Availability Impact: High

Red Hat Security Errata

Platform                                    Errata          Release Date
Red Hat Enterprise Linux 6 (spice-server)   RHSA-2018:3522  2018-11-07
Red Hat Enterprise Linux 7 (spice)          RHSA-2017:2471  2017-08-15

Affected Packages State

Platform                     Package          State
Red Hat Virtualization 4     distribution     Affected
Red Hat Enterprise Linux 7   rhev-hypervisor  Affected
RHEV Manager 3               rhev-hypervisor  Affected

Acknowledgements

This issue was discovered by Frediano Ziglio (Red Hat).
