CVE-2013-4130

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.

Published: Aug 21, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-4130
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
spice_project / spice	0.10.0	0.10.0.x
spice_project / spice	0.12.2	0.12.2.x
spice_project / spice	0.7.3	0.7.3.x
spice_project / spice	-	0.12.3.x
spice_project / spice	0.8.0	0.8.0.x
spice_project / spice	0.7.0	0.7.0.x
spice_project / spice	0.9.0	0.9.0.x
spice_project / spice	0.6.0	0.6.0.x
spice_project / spice	0.10.1	0.10.1.x
spice_project / spice	0.6.3	0.6.3.x
spice_project / spice	0.6.4	0.6.4.x
spice_project / spice	0.5.3	0.5.3.x
spice_project / spice	0.5.2	0.5.2.x
spice_project / spice	0.11.0	0.11.0.x
spice_project / spice	0.8.3	0.8.3.x
spice_project / spice	0.6.1	0.6.1.x
spice_project / spice	0.9.1	0.9.1.x
spice_project / spice	0.8.2	0.8.2.x
spice_project / spice	0.7.1	0.7.1.x
spice_project / spice	0.11.3	0.11.3.x
spice_project / spice	0.8.1	0.8.1.x
spice_project / spice	0.12.0	0.12.0.x
spice_project / spice	0.6.2	0.6.2.x
spice_project / spice	0.7.2	0.7.2.x
canonical / ubuntu_linux	13.04	13.04.x

Vulnerability Database

289,784

CVE-2013-4130