What is the vulnerability ID?

The vulnerability ID is CVE-2019-3813.

What is the severity of CVE-2019-3813?

The severity of CVE-2019-3813 is high (7.5).

What is the affected software?

The affected software is Spice versions 0.5.2 through 0.14.1.

How can CVE-2019-3813 be exploited?

CVE-2019-3813 can be exploited by unauthenticated attackers to perform a denial of service attack or potentially execute arbitrary code.

How can I mitigate the vulnerability in Spice versions 0.5.2 through 0.14.1?

To mitigate the vulnerability in Spice versions 0.5.2 through 0.14.1, it is recommended to apply the available patches or updates provided by the vendor.

Vulnerability/
CVE-2019-3813

high

7.5

CWE

193

11/1/2019

4/2/2019

26/4/2022

CVE-2019-3813

First published: Fri Jan 11 2019(Updated: )

An off-by-one error was found in spice when accessing arrays. A malicious guest user can use this for a host denial of service.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
debian/spice		0.14.0-1.3+deb10u1 0.14.3-2.1 0.15.1-1
redhat/spice	<0.14.2	0.14.2
debian/spice	<=0.14.0-1.2<=0.12.8-2.1<=0.12.8-2.1+deb9u2	0.12.8-2.1+deb9u3 0.14.0-1.3
Spice Project Spice	>=0.5.2<=0.14.1
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Eus	=7.6
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Workstation	=6.0
Redhat Enterprise Linux Workstation	=7.0
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=18.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2019-3813.
What is the severity of CVE-2019-3813?
The severity of CVE-2019-3813 is high (7.5).
What is the affected software?
The affected software is Spice versions 0.5.2 through 0.14.1.
How can CVE-2019-3813 be exploited?
CVE-2019-3813 can be exploited by unauthenticated attackers to perform a denial of service attack or potentially execute arbitrary code.
How can I mitigate the vulnerability in Spice versions 0.5.2 through 0.14.1?
To mitigate the vulnerability in Spice versions 0.5.2 through 0.14.1, it is recommended to apply the available patches or updates provided by the vendor.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/debian-bugs
alias/CVE-2019-3813
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
collector/security-tracker-debian
package-manager/debian
vendor/spice project
canonical/spice project spice
version/spice project spice/0.5.2
version/spice project spice/0.14.1
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.6
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.6
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/18.10
package-manager/redhat