Bug 1598234 (CVE-2018-10893) - CVE-2018-10893 spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows
Summary: CVE-2018-10893 spice-client: Insufficient encoding checks for LZ can cause di...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2018-10893
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1594904 (view as bug list)
Depends On: 1598651 1598235 1598236 1598237 1598652 1598653 1658523
Blocks: 1598238
TreeView+ depends on / blocked
 
Reported: 2018-07-04 20:39 UTC by Laura Pardo
Modified: 2019-09-29 14:43 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Clone Of:
Environment:
Last Closed: 2019-07-18 12:44:20 UTC


Attachments (Terms of Use)
First patch (2.28 KB, patch)
2018-07-16 09:06 UTC, Christophe Fergeau
no flags Details | Diff
Second patch (2.83 KB, patch)
2018-07-16 09:06 UTC, Christophe Fergeau
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2229 None None None 2019-08-06 12:30:19 UTC

Description Laura Pardo 2018-07-04 20:39:23 UTC
A flaw was found in spice-client. An improper check on LZ images sent by the server could lead to an integer/buffer overflows on the client.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1594904

Comment 1 Laura Pardo 2018-07-04 20:40:09 UTC
Created mingw-spice-gtk tracking bugs for this issue:

Affects: fedora-all [bug 1598236]


Created spice-gtk tracking bugs for this issue:

Affects: fedora-all [bug 1598235]

Comment 7 Salvatore Bonaccorso 2018-07-07 06:24:17 UTC
Hi Laura

Since the Red Hat reference is not accessible, are there any details available for this issue? Is the issue adressed already?

Regards,
Salvatore

Comment 10 Doran Moppert 2018-07-12 01:14:31 UTC
Acknowledgments:

Name: Frediano Ziglio (Red Hat)

Comment 11 Christophe Fergeau 2018-07-16 09:06:14 UTC
Created attachment 1459094 [details]
First patch

Comment 12 Christophe Fergeau 2018-07-16 09:06:53 UTC
Created attachment 1459095 [details]
Second patch

Comment 16 Frediano Ziglio 2018-10-15 09:45:39 UTC
*** Bug 1594904 has been marked as a duplicate of this bug. ***

Comment 19 Victor Toso 2019-07-18 12:44:20 UTC
Too late for last z-stream batch for 7.6, closing.

Comment 21 errata-xmlrpc 2019-08-06 12:30:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2229 https://access.redhat.com/errata/RHSA-2019:2229


Note You need to log in before you can comment on or make changes to this bug.