redhat virtualization CVE-2018-10873 vulnerability in Red Hat and Other Products
Published on August 17, 2018

product logo product logo product logo product logo
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2018-10873 has been classified to as a Buffer Overflow vulnerability or weakness.


Products Associated with CVE-2018-10873

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10873 are published in these products:

Red Hat Virtualization
 
Red Hat Virtualization Host
 
Spiceproject Spice
 
Canonical Ubuntu Linux
 
Debian Linux
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Enterprise Linux Server Eus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Enterprise Linux Workstation
 

Affected Versions

[UNKNOWN] spice: Version 0.14.1 is affected by CVE-2018-10873

Exploit Probability

EPSS
1.21%
Percentile
78.71%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.