Date: Mon, 28 Jan 2019 11:53:15 -0700
From: Scott Gayou <sgayou@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c

Hello,

spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers.

The attached patch fixes the issue in spice and is planned to be included in forthcoming release spice 0.14.2.

This issue was reported by Christophe Fergeau (Red Hat).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1665371

Thank you.

--
Scott Gayou / Red Hat Product Security

[Attachment "0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch" of type "text/x-patch" (3803 bytes)]
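
The bug class named in the advisory (an off-by-one in a group slot boundary check), shown as an added illustration that is not the spice source or the attached patch. The structures, `NUM_GROUPS` and all function names are hypothetical, and the offset/length check goes beyond the group-index case the advisory describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_GROUPS 4            /* hypothetical group count */

typedef struct { uint8_t *base; size_t size; } slot_group_t;   /* hypothetical */

typedef struct {
    slot_group_t groups[NUM_GROUPS];
    uint32_t     num_groups;    /* valid indices are 0 .. num_groups - 1 */
} slot_table_t;

/* Off-by-one: group_id == num_groups is accepted, one past the last element. */
int group_ok_off_by_one(const slot_table_t *t, uint32_t group_id)
{
    return !(group_id > t->num_groups);
}

/* Corrected boundary check. */
int group_ok(const slot_table_t *t, uint32_t group_id)
{
    return group_id < t->num_groups;
}

/* Translate (group, offset, len) to a pointer, or NULL if anything is out of range. */
uint8_t *get_virt(const slot_table_t *t, uint32_t group_id, size_t off, size_t len)
{
    if (!group_ok(t, group_id))
        return NULL;
    const slot_group_t *g = &t->groups[group_id];
    if (off > g->size || len > g->size - off)   /* overflow-safe range check */
        return NULL;
    return g->base + off;
}

static uint8_t backing[NUM_GROUPS][16];          /* constructed sample memory */

slot_table_t make_sample_table(void)
{
    slot_table_t t = { .num_groups = NUM_GROUPS };
    for (uint32_t i = 0; i < NUM_GROUPS; i++)
        t.groups[i] = (slot_group_t){ backing[i], sizeof backing[i] };
    return t;
}

int main(void)
{
    slot_table_t t = make_sample_table();
    printf("id=%d: off-by-one check=%d, corrected check=%d\n", NUM_GROUPS,
           group_ok_off_by_one(&t, NUM_GROUPS), group_ok(&t, NUM_GROUPS));
    return get_virt(&t, NUM_GROUPS, 0, 1) == NULL ? 0 : 1;
}
```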