What is the severity of CVE-2016-9577?

CVE-2016-9577 is classified as a medium severity vulnerability due to the potential for buffer overflow attacks.

How do I fix CVE-2016-9577?

To fix CVE-2016-9577, update to the fixed versions of the spice package specified in your operating system's vulnerability notice.

Which software versions are vulnerable to CVE-2016-9577?

Affected versions of spice include 0.14.0-1.3+deb10u1, 0.14.3-2.1, and versions up to 0.13.90 for earlier releases.

What impact does CVE-2016-9577 have on systems?

CVE-2016-9577 can allow an attacker to execute arbitrary code or crash the affected system by sending maliciously crafted large messages.

Is CVE-2016-9577 being actively exploited in the wild?

As of the last reported assessments, there have been no confirmed active exploits targeting CVE-2016-9577.

Vulnerability/
CVE-2016-9577

high

8.8

CWE

119 20 122

5/12/2016

27/7/2018

6/8/2024

CVE-2016-9577: Buffer Overflow

First published: Mon Dec 05 2016(Updated: )

A buffer overflow vulnerability in main_channel_alloc_msg_rcv_buf was found that occurs when reading large messages due to missing buffer size check. Product bug: <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=1401038">https://bugzilla.redhat.com/show_bug.cgi?id=1401038</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
debian/spice		0.14.0-1.3+deb10u1 0.14.3-2.1 0.15.1-1
debian/spice	<=0.12.5-1<=0.12.8-2	0.12.5-1+deb8u4 0.12.8-2.1
redhat/spice	<0.13.90	0.13.90
SPICE	<0.13.90
Debian	=8.0
Red Hat Enterprise Linux Desktop	=6.0
Red Hat Enterprise Linux Desktop	=7.0
Red Hat Enterprise Linux Server	=6.0
Red Hat Enterprise Linux Server	=7.0
Red Hat Enterprise Linux Server	=7.3
Red Hat Enterprise Linux Server	=7.4
Red Hat Enterprise Linux Server	=7.3
Red Hat Enterprise Linux Server	=7.4
Red Hat Enterprise Linux Server	=7.5
Red Hat Enterprise Linux Workstation	=6.0
Red Hat Enterprise Linux Workstation	=7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9577?
CVE-2016-9577 is classified as a medium severity vulnerability due to the potential for buffer overflow attacks.
How do I fix CVE-2016-9577?
To fix CVE-2016-9577, update to the fixed versions of the spice package specified in your operating system's vulnerability notice.
Which software versions are vulnerable to CVE-2016-9577?
Affected versions of spice include 0.14.0-1.3+deb10u1, 0.14.3-2.1, and versions up to 0.13.90 for earlier releases.
What impact does CVE-2016-9577 have on systems?
CVE-2016-9577 can allow an attacker to execute arbitrary code or crash the affected system by sending maliciously crafted large messages.
Is CVE-2016-9577 being actively exploited in the wild?
As of the last reported assessments, there have been no confirmed active exploits targeting CVE-2016-9577.

collector/security-tracker-debian
collector/debian-bugs
alias/CVE-2016-9577
agent/type
agent/first-publish-date
agent/references
agent/author
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/event
agent/description
agent/weakness
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/debian
package-manager/redhat
vendor/spice project
canonical/spice
vendor/debian
canonical/debian
version/debian/8.0
vendor/redhat
canonical/red hat enterprise linux desktop
version/red hat enterprise linux desktop/6.0
version/red hat enterprise linux desktop/7.0
canonical/red hat enterprise linux server
version/red hat enterprise linux server/6.0
version/red hat enterprise linux server/7.0
version/red hat enterprise linux server/7.3
version/red hat enterprise linux server/7.4
version/red hat enterprise linux server/7.5
canonical/red hat enterprise linux workstation
version/red hat enterprise linux workstation/6.0
version/red hat enterprise linux workstation/7.0