What is the vulnerability ID?

The vulnerability ID is CVE-2019-3813.

What is the severity of CVE-2019-3813?

The severity of CVE-2019-3813 is high (7.5).

What is the affected software?

The affected software is Spice versions 0.5.2 through 0.14.1.

How can CVE-2019-3813 be exploited?

CVE-2019-3813 can be exploited by unauthenticated attackers to perform a denial of service attack or potentially execute arbitrary code.

How can I mitigate the vulnerability in Spice versions 0.5.2 through 0.14.1?

To mitigate the vulnerability in Spice versions 0.5.2 through 0.14.1, it is recommended to apply the available patches or updates provided by the vendor.

Vulnerability/
CVE-2019-3813

high

7.5

CWE

193

11/1/2019

4/2/2019

21/11/2024

CVE-2019-3813

First published: Fri Jan 11 2019(Updated: )

An off-by-one error was found in spice when accessing arrays. A malicious guest user can use this for a host denial of service.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
debian/spice	<=0.14.0-1.2<=0.12.8-2.1<=0.12.8-2.1+deb9u2	0.12.8-2.1+deb9u3 0.14.0-1.3
redhat/spice	<0.14.2	0.14.2
debian/spice		0.14.3-2.1 0.15.1-1 0.15.2-1
SPICE	>=0.5.2<=0.14.1
Red Hat Enterprise Linux Desktop	=6.0
Red Hat Enterprise Linux Desktop	=7.0
Red Hat Enterprise Linux Server	=6.0
Red Hat Enterprise Linux Server	=7.0
Red Hat Enterprise Linux Server	=7.6
Red Hat Enterprise Linux Server	=7.6
Red Hat Enterprise Linux Server	=7.6
Red Hat Enterprise Linux Workstation	=6.0
Red Hat Enterprise Linux Workstation	=7.0
Debian	=8.0
Debian	=9.0
Ubuntu	=14.04
Ubuntu	=16.04
Ubuntu	=18.04
Ubuntu	=18.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2019-3813.
What is the severity of CVE-2019-3813?
The severity of CVE-2019-3813 is high (7.5).
What is the affected software?
The affected software is Spice versions 0.5.2 through 0.14.1.
How can CVE-2019-3813 be exploited?
CVE-2019-3813 can be exploited by unauthenticated attackers to perform a denial of service attack or potentially execute arbitrary code.
How can I mitigate the vulnerability in Spice versions 0.5.2 through 0.14.1?
To mitigate the vulnerability in Spice versions 0.5.2 through 0.14.1, it is recommended to apply the available patches or updates provided by the vendor.

collector/debian-bugs
alias/CVE-2019-3813
agent/type
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/author
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/description
agent/last-modified-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-api
package-manager/debian
package-manager/redhat
vendor/spice project
canonical/spice
version/spice/0.5.2
version/spice/0.14.1
vendor/redhat
canonical/red hat enterprise linux desktop
version/red hat enterprise linux desktop/6.0
version/red hat enterprise linux desktop/7.0
canonical/red hat enterprise linux server
version/red hat enterprise linux server/6.0
version/red hat enterprise linux server/7.0
version/red hat enterprise linux server/7.6
canonical/red hat enterprise linux workstation
version/red hat enterprise linux workstation/6.0
version/red hat enterprise linux workstation/7.0
vendor/debian
canonical/debian
version/debian/8.0
version/debian/9.0
vendor/canonical
canonical/ubuntu
version/ubuntu/14.04
version/ubuntu/16.04
version/ubuntu/18.04
version/ubuntu/18.10