Bug 1868435 (CVE-2020-14355) - CVE-2020-14355 spice: multiple buffer overflow vulnerabilities in QUIC decoding code
Summary: CVE-2020-14355 spice: multiple buffer overflow vulnerabilities in QUIC decodi...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-14355
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1829946 1842472 1873499 1873500 1873501 1873502 1873503 1873504 1873505 1873507 1873508 1873509 1873510 1873511 1873512 1873513 1873514 1873515 1873516 1873517 1873518 1873519 1873520 1873522 1873523 1873524 1873528 1873529 1873530 1873531 1873532 1873533 1885565 1885566 1910702
Blocks: 1854335
TreeView+ depends on / blocked
 
Reported: 2020-08-12 16:47 UTC by Mauro Matteo Cascella
Modified: 2022-05-17 09:29 UTC (History)
15 users (show)

Fixed In Version: spice-0.14.2-1
Doc Type: If docs needed, set a value
Doc Text:
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Clone Of:
Environment:
Last Closed: 2020-10-06 14:21:13 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4212 0 None None None 2020-10-08 08:37:10 UTC
Red Hat Product Errata RHSA-2020:4184 0 None None None 2020-10-06 13:15:38 UTC
Red Hat Product Errata RHSA-2020:4185 0 None None None 2020-10-06 15:49:18 UTC
Red Hat Product Errata RHSA-2020:4186 0 None None None 2020-10-06 19:53:53 UTC
Red Hat Product Errata RHSA-2020:4187 0 None None None 2020-10-06 20:01:57 UTC

Description Mauro Matteo Cascella 2020-08-12 16:47:35 UTC
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which would result in a process crash or potential code execution.

Upstream commits:
* https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba
* https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478
* https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7
* https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6

Comment 1 Mauro Matteo Cascella 2020-08-12 16:47:38 UTC
Acknowledgments:

Name: Frediano Ziglio (Red Hat)

Comment 16 Mauro Matteo Cascella 2020-10-06 12:26:03 UTC
Created spice tracking bugs for this issue:

Affects: fedora-all [bug 1885565]


Created spice-gtk tracking bugs for this issue:

Affects: fedora-all [bug 1885566]

Comment 21 errata-xmlrpc 2020-10-06 13:15:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:4184 https://access.redhat.com/errata/RHSA-2020:4184

Comment 22 Product Security DevOps Team 2020-10-06 14:21:13 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-14355

Comment 23 errata-xmlrpc 2020-10-06 15:49:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:4185 https://access.redhat.com/errata/RHSA-2020:4185

Comment 24 errata-xmlrpc 2020-10-06 19:53:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4186 https://access.redhat.com/errata/RHSA-2020:4186

Comment 25 errata-xmlrpc 2020-10-06 20:02:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4187 https://access.redhat.com/errata/RHSA-2020:4187

Comment 26 Prasad J Pandit 2020-10-07 09:15:01 UTC
External References:

https://www.openwall.com/lists/oss-security/2020/10/06/10


Note You need to log in before you can comment on or make changes to this bug.