Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 28 Jan 2019 11:53:15 -0700
From: Scott Gayou <sgayou@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c

Hello,

spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read
due to an off-by-one error in memslot_get_virt. This may lead to a
denial-of-service, or, in the worst case, code-execution by unauthenticated
attackers.

The attached patch fixes the issue in spice and is planned to be included
in forthcoming release spice 0.14.2.

This issue was reported by Christophe Fergeau (Red Hat).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1665371

Thank you.

-- 
Scott Gayou / Red Had Product Security

Content of type "text/html" skipped

View attachment "0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch" of type "text/x-patch" (3803 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.