Vulnerability-Lookup

CVE-2015-5260 (GCVE-0-2015-5260)

Vulnerability from cvelistv5 – Published: 2016-06-07 14:00 – Updated: 2024-08-06 06:41

Summary

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

CNVD-2015-06544

Vulnerability from cnvd - Published: 2015-10-16

Title

Spice 'surface_id'堆溢出漏洞

Description

SPICE(独立计算环境简单协议)是红帽企业虚拟化桌面版的三大主要技术组件之一,具有自适应能力的远程提交协议,能够提供与物理桌面完全相同的最终用户体验。 SPICE存在安全漏洞，guest系统的本地用户可通过包含特殊'surface_id'参数的QXL命令触发堆溢出，可使QEMU-KVM进程崩溃。

Severity

中

Patch Name

Spice 'surface_id'堆溢出漏洞的补丁

Patch Description

SPICE(独立计算环境简单协议)是红帽企业虚拟化桌面版的三大主要技术组件之一,具有自适应能力的远程提交协议,能够提供与物理桌面完全相同的最终用户体验。 SPICE存在安全漏洞，guest系统的本地用户可通过包含特殊'surface_id'参数的QXL命令触发堆溢出，可使QEMU-KVM进程崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://cgit.freedesktop.org/spice/spice/commit/?id=ee1beff2ab0961066c71466a195430fb2473240d

Reference

http://cgit.freedesktop.org/spice/spice/commit/?id=ee1beff2ab0961066c71466a195430fb2473240d

Impacted products

Name
Red Hat SPICE

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5260"
    }
  },
  "description": "SPICE(\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7b80\u5355\u534f\u8bae)\u662f\u7ea2\u5e3d\u4f01\u4e1a\u865a\u62df\u5316\u684c\u9762\u7248\u7684\u4e09\u5927\u4e3b\u8981\u6280\u672f\u7ec4\u4ef6\u4e4b\u4e00,\u5177\u6709\u81ea\u9002\u5e94\u80fd\u529b\u7684\u8fdc\u7a0b\u63d0\u4ea4\u534f\u8bae,\u80fd\u591f\u63d0\u4f9b\u4e0e\u7269\u7406\u684c\u9762\u5b8c\u5168\u76f8\u540c\u7684\u6700\u7ec8\u7528\u6237\u4f53\u9a8c\u3002\r\n\r\nSPICE\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cguest\u7cfb\u7edf\u7684\u672c\u5730\u7528\u6237\u53ef\u901a\u8fc7\u5305\u542b\u7279\u6b8a\u0027surface_id\u0027\u53c2\u6570\u7684QXL\u547d\u4ee4\u89e6\u53d1\u5806\u6ea2\u51fa\uff0c\u53ef\u4f7fQEMU-KVM\u8fdb\u7a0b\u5d29\u6e83\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://cgit.freedesktop.org/spice/spice/commit/?id=ee1beff2ab0961066c71466a195430fb2473240d",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06544",
  "openTime": "2015-10-16",
  "patchDescription": "SPICE(\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7b80\u5355\u534f\u8bae)\u662f\u7ea2\u5e3d\u4f01\u4e1a\u865a\u62df\u5316\u684c\u9762\u7248\u7684\u4e09\u5927\u4e3b\u8981\u6280\u672f\u7ec4\u4ef6\u4e4b\u4e00,\u5177\u6709\u81ea\u9002\u5e94\u80fd\u529b\u7684\u8fdc\u7a0b\u63d0\u4ea4\u534f\u8bae,\u80fd\u591f\u63d0\u4f9b\u4e0e\u7269\u7406\u684c\u9762\u5b8c\u5168\u76f8\u540c\u7684\u6700\u7ec8\u7528\u6237\u4f53\u9a8c\u3002\r\n\r\nSPICE\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cguest\u7cfb\u7edf\u7684\u672c\u5730\u7528\u6237\u53ef\u901a\u8fc7\u5305\u542b\u7279\u6b8a\u0027surface_id\u0027\u53c2\u6570\u7684QXL\u547d\u4ee4\u89e6\u53d1\u5806\u6ea2\u51fa\uff0c\u53ef\u4f7fQEMU-KVM\u8fdb\u7a0b\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Spice \u0027surface_id\u0027\u5806\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Red Hat SPICE"
  },
  "referenceLink": "http://cgit.freedesktop.org/spice/spice/commit/?id=ee1beff2ab0961066c71466a195430fb2473240d",
  "serverity": "\u4e2d",
  "submitTime": "2015-10-11",
  "title": "Spice \u0027surface_id\u0027\u5806\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2015-5260

Vulnerability from fkie_nvd - Published: 2016-06-07 14:06 - Updated: 2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secalert@redhat.com	http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1889.html
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1890.html
	secalert@redhat.com	http://www.debian.org/security/2015/dsa-3371
	secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
	secalert@redhat.com	http://www.securityfocus.com/bid/77019
	secalert@redhat.com	http://www.securitytracker.com/id/1033753
	secalert@redhat.com	http://www.ubuntu.com/usn/USN-2766-1
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1260822
	secalert@redhat.com	https://security.gentoo.org/glsa/201606-05
	af854a3a-2127-422b-91ae-364da2661108	http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1889.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1890.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3371
	af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/77019
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033753
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2766-1
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1260822
	af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201606-05

Impacted products

Vendor	Product	Version
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_hpc_node	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_eus	6.7.z
redhat	enterprise_linux_workstation	6.0
debian	debian_linux	7.0
debian	debian_linux	8.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.04
spice_project	spice	*
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node	7.0
redhat	enterprise_linux_hpc_node_eus	7.1
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_eus	7.1
redhat	enterprise_linux_workstation	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA856400-1B48-429A-94A0-173B7EEE1EC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBE327D-19D9-41F1-8EF7-6D894CE35655",
              "versionEndIncluding": "0.12.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO provocar una denegaci\u00f3n de servicio (corrupci\u00f3n basada en memoria din\u00e1mica y ca\u00edda de QEMu-KVM) o posiblemente ejecutar c\u00f3digo arbitrario en el anfitri\u00f3n a trav\u00e9s de comandos QXL relacionados con el par\u00e1metro surface_id ."
    }
  ],
  "id": "CVE-2015-5260",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-07T14:06:06.713",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3371"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/77019"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033753"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2766-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201606-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/77019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2766-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201606-05"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2015-5260

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-5260

Aliases

CVE-2015-5260

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5260",
    "description": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.",
    "id": "GSD-2015-5260",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-5260.html",
      "https://www.debian.org/security/2015/dsa-3371",
      "https://access.redhat.com/errata/RHSA-2015:1890",
      "https://access.redhat.com/errata/RHSA-2015:1889",
      "https://ubuntu.com/security/CVE-2015-5260",
      "https://advisories.mageia.org/CVE-2015-5260.html",
      "https://linux.oracle.com/cve/CVE-2015-5260.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5260"
      ],
      "details": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.",
      "id": "GSD-2015-5260",
      "modified": "2023-12-13T01:20:06.240576Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-5260",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html",
            "refsource": "MISC",
            "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
          },
          {
            "name": "http://www.securitytracker.com/id/1033753",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id/1033753"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
            "refsource": "MISC",
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1889.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1890.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
          },
          {
            "name": "http://www.debian.org/security/2015/dsa-3371",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2015/dsa-3371"
          },
          {
            "name": "http://www.securityfocus.com/bid/77019",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/77019"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-2766-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-2766-1"
          },
          {
            "name": "https://security.gentoo.org/glsa/201606-05",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/201606-05"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.12.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5260"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[Spice-devel] 20151006 Announcing spice 0.12.6",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
            },
            {
              "name": "RHSA-2015:1890",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
            },
            {
              "name": "DSA-3371",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3371"
            },
            {
              "name": "USN-2766-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2766-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822"
            },
            {
              "name": "RHSA-2015:1889",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "77019",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/77019"
            },
            {
              "name": "GLSA-201606-05",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201606-05"
            },
            {
              "name": "1033753",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033753"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-13T00:52Z",
      "publishedDate": "2016-06-07T14:06Z"
    }
  }
}

CERTFR-2015-AVI-442

Vulnerability from certfr_avis - Published: 2015-10-21 - Updated: 2015-10-21

De multiples vulnérabilités ont été corrigées dans Oracle Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Linux version 6
Oracle	N/A	Oracle Linux version 7
Oracle	N/A	Oracle Linux version 5

References

Title

Publication Time

GHSA-3GGJ-V8PG-XQ6F

Vulnerability from github – Published: 2022-05-17 01:06 – Updated: 2022-05-17 01:06

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-5260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-06-07T14:06:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.",
  "id": "GHSA-3ggj-v8pg-xq6f",
  "modified": "2022-05-17T01:06:05Z",
  "published": "2022-05-17T01:06:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5260"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1889"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1890"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2015-5260"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260822"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201606-05"
    },
    {
      "type": "WEB",
      "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3371"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77019"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033753"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2766-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-5260 (GCVE-0-2015-5260)

CNVD-2015-06544

FKIE_CVE-2015-5260

GSD-2015-5260

CERTFR-2015-AVI-442

Solution

GHSA-3GGJ-V8PG-XQ6F

Tags

Sightings

Nomenclature