[3.5] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other impacts.
(from redmine: issue id 9313, created on 2018-08-21, closed on 2018-11-08)
- Revision 4e7f2805 on 2018-11-07T14:12:42Z:
main/spice: security fix (CVE-2018-10873) Fixes #9313