CVE-2019-3813

Summary

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

Affected Software

VendorProductVersion RangeStatus
Red Hat, Inc.Spiceversions 0.5.2 through 0.14.1affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References