Bug 1921846 (CVE-2021-20201) - CVE-2021-20201 spice: Client initiated renegotiation denial of service
Summary: CVE-2021-20201 spice: Client initiated renegotiation denial of service
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-20201
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1904459 1921847 1929154
Blocks: 1921851
TreeView+ depends on / blocked
 
Reported: 2021-01-28 17:35 UTC by Pedro Sampaio
Modified: 2021-06-10 09:27 UTC (History)
9 users (show)

Fixed In Version: spice 0.14.92
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in spice. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
Clone Of:
Environment:
Last Closed: 2021-05-18 20:38:17 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2021-01-28 17:35:18 UTC
A issue was discovered in spice v0.14.91 and before. There is a DoS Vulnerability which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.

Upstream issue:

https://gitlab.freedesktop.org/spice/spice/-/issues/49

References:

https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks

Comment 1 Pedro Sampaio 2021-01-28 17:35:49 UTC
Created spice tracking bugs for this issue:

Affects: fedora-all [bug 1921847]

Comment 6 Mauro Matteo Cascella 2021-02-16 10:31:22 UTC
External References:

https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks

Comment 9 errata-xmlrpc 2021-05-18 16:09:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1924 https://access.redhat.com/errata/RHSA-2021:1924

Comment 10 Product Security DevOps Team 2021-05-18 20:38:17 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-20201


Note You need to log in before you can comment on or make changes to this bug.