Vulnerability-Lookup

CVE-2015-5261 (GCVE-0-2015-5261)

Vulnerability from cvelistv5 – Published: 2016-06-07 14:00 – Updated: 2024-08-06 06:41

Summary

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

GHSA-W69P-8VXH-M87G

Vulnerability from github – Published: 2022-05-17 01:06 – Updated: 2022-05-17 01:06

Details

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Severity ?

7.1 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-5261"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-06-07T14:06:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.",
  "id": "GHSA-w69p-8vxh-m87g",
  "modified": "2022-05-17T01:06:05Z",
  "published": "2022-05-17T01:06:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5261"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261889"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201606-05"
    },
    {
      "type": "WEB",
      "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3371"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/10/06/4"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033753"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2766-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2015-5261

Vulnerability from fkie_nvd - Published: 2016-06-07 14:06 - Updated: 2025-04-12 10:46

Severity ?

7.1 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

References

	URL	Tags
	secalert@redhat.com	http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1889.html
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1890.html
	secalert@redhat.com	http://www.debian.org/security/2015/dsa-3371
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2015/10/06/4
	secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
	secalert@redhat.com	http://www.securitytracker.com/id/1033753
	secalert@redhat.com	http://www.ubuntu.com/usn/USN-2766-1
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1261889
	secalert@redhat.com	https://security.gentoo.org/glsa/201606-05
	af854a3a-2127-422b-91ae-364da2661108	http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1889.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1890.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3371
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/10/06/4
	af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033753
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2766-1
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1261889
	af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201606-05

Impacted products

Vendor	Product	Version
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.04
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_hpc_node	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_eus	6.7.z
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node	7.0
redhat	enterprise_linux_hpc_node_eus	7.1
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_eus	7.1
redhat	enterprise_linux_workstation	7.0
debian	debian_linux	7.0
debian	debian_linux	8.0
spice_project	spice	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA856400-1B48-429A-94A0-173B7EEE1EC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBE327D-19D9-41F1-8EF7-6D894CE35655",
              "versionEndIncluding": "0.12.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO leer y escribir en localizaciones de memoria arbitrarias en el anfitri\u00f3n a trav\u00e9s de comandos QXL de invitado relacionados con la creaci\u00f3n de superficie."
    }
  ],
  "id": "CVE-2015-5261",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-07T14:06:07.683",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3371"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2015/10/06/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033753"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2766-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261889"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201606-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/10/06/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2766-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201606-05"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2015-AVI-442

Vulnerability from certfr_avis - Published: 2015-10-21 - Updated: 2015-10-21

De multiples vulnérabilités ont été corrigées dans Oracle Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Linux version 6
Oracle	N/A	Oracle Linux version 7
Oracle	N/A	Oracle Linux version 5

References

Title

Publication Time

GSD-2015-5261

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

Aliases

CVE-2015-5261

Aliases

CVE-2015-5261

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5261",
    "description": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.",
    "id": "GSD-2015-5261",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-5261.html",
      "https://www.debian.org/security/2015/dsa-3371",
      "https://access.redhat.com/errata/RHSA-2015:1890",
      "https://access.redhat.com/errata/RHSA-2015:1889",
      "https://ubuntu.com/security/CVE-2015-5261",
      "https://advisories.mageia.org/CVE-2015-5261.html",
      "https://linux.oracle.com/cve/CVE-2015-5261.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5261"
      ],
      "details": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.",
      "id": "GSD-2015-5261",
      "modified": "2023-12-13T01:20:06.190709Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-5261",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html",
            "refsource": "MISC",
            "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
          },
          {
            "name": "http://www.securitytracker.com/id/1033753",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id/1033753"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
            "refsource": "MISC",
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1889.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1890.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
          },
          {
            "name": "http://www.debian.org/security/2015/dsa-3371",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2015/dsa-3371"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-2766-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-2766-1"
          },
          {
            "name": "https://security.gentoo.org/glsa/201606-05",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/201606-05"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2015/10/06/4",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2015/10/06/4"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1261889",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261889"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.12.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5261"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[Spice-devel] 20151006 Announcing spice 0.12.6",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html"
            },
            {
              "name": "RHSA-2015:1890",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1890.html"
            },
            {
              "name": "DSA-3371",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3371"
            },
            {
              "name": "[oss-security] 20151006 Fwd: [vs-plain] CVE-2015-5261",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/06/4"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1261889",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261889"
            },
            {
              "name": "USN-2766-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2766-1"
            },
            {
              "name": "RHSA-2015:1889",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1889.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "GLSA-201606-05",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201606-05"
            },
            {
              "name": "1033753",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033753"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2017-09-16T01:29Z",
      "publishedDate": "2016-06-07T14:06Z"
    }
  }
}

CNVD-2015-06542

Vulnerability from cnvd - Published: 2015-10-16

Title

Spice堆溢出漏洞

Description

SPICE(独立计算环境简单协议)是红帽企业虚拟化桌面版的三大主要技术组件之一,具有自适应能力的远程提交协议,能够提供与物理桌面完全相同的最终用户体验。 SPICE存在安全漏洞，本地攻击者利用漏洞可使QEMU-KVM进程崩溃。

Severity

中

Patch Name

Spice堆溢出漏洞的补丁

Patch Description

SPICE(独立计算环境简单协议)是红帽企业虚拟化桌面版的三大主要技术组件之一,具有自适应能力的远程提交协议,能够提供与物理桌面完全相同的最终用户体验。 SPICE存在安全漏洞，guest系统的本地用户可通过特殊的QXL命令触发堆溢出，可使QEMU-KVM进程崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://cgit.freedesktop.org/spice/spice/commit/?id=ee1beff2ab0961066c71466a195430fb2473240d

Reference

http://cgit.freedesktop.org/spice/spice/commit/?id=ee1beff2ab0961066c71466a195430fb2473240d

Impacted products

Name
Red Hat SPICE

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5261"
    }
  },
  "description": "SPICE(\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7b80\u5355\u534f\u8bae)\u662f\u7ea2\u5e3d\u4f01\u4e1a\u865a\u62df\u5316\u684c\u9762\u7248\u7684\u4e09\u5927\u4e3b\u8981\u6280\u672f\u7ec4\u4ef6\u4e4b\u4e00,\u5177\u6709\u81ea\u9002\u5e94\u80fd\u529b\u7684\u8fdc\u7a0b\u63d0\u4ea4\u534f\u8bae,\u80fd\u591f\u63d0\u4f9b\u4e0e\u7269\u7406\u684c\u9762\u5b8c\u5168\u76f8\u540c\u7684\u6700\u7ec8\u7528\u6237\u4f53\u9a8c\u3002\r\n\r\nSPICE\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u4f7fQEMU-KVM\u8fdb\u7a0b\u5d29\u6e83\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://cgit.freedesktop.org/spice/spice/commit/?id=ee1beff2ab0961066c71466a195430fb2473240d",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06542",
  "openTime": "2015-10-16",
  "patchDescription": "SPICE(\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7b80\u5355\u534f\u8bae)\u662f\u7ea2\u5e3d\u4f01\u4e1a\u865a\u62df\u5316\u684c\u9762\u7248\u7684\u4e09\u5927\u4e3b\u8981\u6280\u672f\u7ec4\u4ef6\u4e4b\u4e00,\u5177\u6709\u81ea\u9002\u5e94\u80fd\u529b\u7684\u8fdc\u7a0b\u63d0\u4ea4\u534f\u8bae,\u80fd\u591f\u63d0\u4f9b\u4e0e\u7269\u7406\u684c\u9762\u5b8c\u5168\u76f8\u540c\u7684\u6700\u7ec8\u7528\u6237\u4f53\u9a8c\u3002\r\n\r\nSPICE\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cguest\u7cfb\u7edf\u7684\u672c\u5730\u7528\u6237\u53ef\u901a\u8fc7\u7279\u6b8a\u7684QXL\u547d\u4ee4\u89e6\u53d1\u5806\u6ea2\u51fa\uff0c\u53ef\u4f7fQEMU-KVM\u8fdb\u7a0b\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Spice\u5806\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Red Hat SPICE"
  },
  "referenceLink": "http://cgit.freedesktop.org/spice/spice/commit/?id=ee1beff2ab0961066c71466a195430fb2473240d",
  "serverity": "\u4e2d",
  "submitTime": "2015-10-11",
  "title": "Spice\u5806\u6ea2\u51fa\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-5261 (GCVE-0-2015-5261)

GHSA-W69P-8VXH-M87G

FKIE_CVE-2015-5261

CERTFR-2015-AVI-442

Solution

GSD-2015-5261

CNVD-2015-06542

Tags

Sightings

Nomenclature