{"containers": {"cna": {"affected": [{"product": "spice", "vendor": "The SPICE Project", "versions": [{"status": "affected", "version": "all versions through 0.13"}]}], "datePublic": "2017-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-11-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2018:3522", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3522"}, {"name": "[oss-security] 20170714 CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/07/14/1"}, {"name": "RHSA-2017:2471", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2471"}, {"name": "DSA-3907", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3907"}, {"name": "99583", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99583"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452606"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:11.818Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:3522", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3522"}, {"name": "[oss-security] 20170714 CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/07/14/1"}, {"name": "RHSA-2017:2471", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2471"}, {"name": "DSA-3907", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3907"}, {"name": "99583", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99583"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452606"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7506", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2024-08-05T16:04:11.818Z", "state": "PUBLISHED", "datePublished": "2017-07-18T15:00:00Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:spice_project:spice:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D43478E1-FAC9-4331-890A-3A0657B297CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "9EF919EB-A288-4B04-B16D-5CBF02D3DA50", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4B6CA6B-2EA2-49B2-A1CB-1A2E6BCD5310", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3799D9A4-36DD-46C7-920F-CBBACFBD1A3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D98B8AD9-2199-491B-971D-51C8E8C8620F", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "334E8934-ACD6-4EA8-8603-1A74754E686E", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "DC523EFE-42BB-401F-B56F-CD3111521926", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D99BC7E-E0AE-47DB-AB4E-E2E8B819F11E", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A94048EB-8898-48D2-94F5-5EB4EBACF1EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FDB2652-0358-4624-AA5A-85E6AF78602D", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "D5DDBC28-2B52-4ED3-A547-220308730442", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "415261CB-7BC6-43A3-8655-4A9B5762D40D", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9EC9E53-64A4-4ACD-96A2-914E99FD18CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E2AF8BAE-BA8D-4B88-ABF7-BFF3FF1C35FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B572F78E-3D9E-447C-AC2A-790833FE9572", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "40C5F192-9B57-406B-A026-986C5FA23E7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "80AC3C68-6EF4-45BA-AE83-63BF7E2C5FDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A5FAD2D-A31D-47F5-A0CA-F956566AF64E", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3A7A337-017E-442C-8243-ACCEC60386DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FEDFB76-03BA-4C85-8941-60ED24248C19", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "534D1105-4AC0-4DD4-93BA-CD7B6DF09F26", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "937428E5-EE31-4BBF-9774-EFB9866B58D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7AE28BE9-1851-4BCA-A1B8-8F291C744703", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "9DD83413-0A15-4117-87B9-C6551A327448", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "B9120288-1454-4ED9-AFD2-FCA52B92E761", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "12099A50-80EA-4613-B55E-2A6F426AABAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "66E7D605-AF1B-4A3E-B522-FA019879238A", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "AE37633B-B577-4C8E-B807-23561DFE18D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "CF05DBE8-B5CF-40BA-8EFF-51B416E0CD91", "vulnerable": true}, {"criteria": "cpe:2.3:a:spice_project:spice:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA3CFB3D-0D04-4F62-9CD9-886CDE5AA578", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak."}, {"lang": "es", "value": "Spice versiones hasta 0.13, son vulnerables al acceso a la memoria fuera de l\u00edmites al procesar mensajes especialmente creados desde el atacante autenticado hasta el servidor de Spice, resultando en un bloqueo y/o p\u00e9rdida de memoria del servidor."}], "id": "CVE-2017-7506", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-18T15:29:00.173", "references": [{"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2017/dsa-3907"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/07/14/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99583"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2471"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:3522"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/07/14/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:3522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452606"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Frediano Ziglio (Red Hat).", "affected_release": [{"advisory": "RHSA-2018:3522", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "spice-server-0:0.12.4-16.el6_10.2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2018-11-07T00:00:00Z"}, {"advisory": "RHSA-2017:2471", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "spice-0:0.12.8-2.el7.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-15T00:00:00Z"}, {"advisory": "RHBA-2017:2529", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "imgbased-0:0.9.47-0.1.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2017-08-22T00:00:00Z"}, {"advisory": "RHBA-2017:2529", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "ovirt-node-ng-0:4.1.5-0.20170810.0.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2017-08-22T00:00:00Z"}, {"advisory": "RHBA-2017:2529", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.1-5.0.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2017-08-22T00:00:00Z"}, {"advisory": "RHBA-2017:2529", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.1-20170816.2", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2017-08-22T00:00:00Z"}], "bugzilla": {"description": "spice: Possible buffer overflow via invalid monitor configurations", "id": "1452606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452606"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-681->CWE-119", "details": ["spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.", "A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash."], "name": "CVE-2017-7506", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "rhev-hypervisor", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Affected", "package_name": "distribution", "product_name": "Red Hat Virtualization 4"}], "public_date": "2017-07-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7506\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7506"], "threat_severity": "Important"}

{}